{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-09-05T00:00:00", "descriptions": [{"lang": "en", "value": "The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-22T18:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"name": "USN-2377-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2377-1"}, {"name": "RHSA-2014:1318", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1318.html"}, {"name": "USN-2375-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2375-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1141391"}, {"name": "69768", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/69768"}, {"name": "SUSE-SU-2015:0652", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html"}, {"tags": ["x_refsource_MISC"], "url": "https://code.google.com/p/google-security-research/issues/detail?id=91"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2"}, {"name": "SUSE-SU-2015:0481", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"}, {"name": "[oss-security] 20140911 Multiple Linux USB driver CVE assignment", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/09/11/21"}, {"name": "USN-2378-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2378-1"}, {"name": "openSUSE-SU-2015:0566", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"}, {"name": "USN-2374-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2374-1"}, {"name": "RHSA-2015:1272", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1272.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/4ab25786c87eb20857bbb715c3ae34ec8fd6a214"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4ab25786c87eb20857bbb715c3ae34ec8fd6a214"}, {"name": "USN-2379-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2379-1"}, {"name": "USN-2376-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2376-1"}, {"name": "SUSE-SU-2015:0812", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2014-3184", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-2377-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2377-1"}, {"name": "RHSA-2014:1318", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1318.html"}, {"name": "USN-2375-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2375-1"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1141391", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1141391"}, {"name": "69768", "refsource": "BID", "url": "http://www.securityfocus.com/bid/69768"}, {"name": "SUSE-SU-2015:0652", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html"}, {"name": "https://code.google.com/p/google-security-research/issues/detail?id=91", "refsource": "MISC", "url": "https://code.google.com/p/google-security-research/issues/detail?id=91"}, {"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2"}, {"name": "SUSE-SU-2015:0481", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"}, {"name": "[oss-security] 20140911 Multiple Linux USB driver CVE assignment", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/09/11/21"}, {"name": "USN-2378-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2378-1"}, {"name": "openSUSE-SU-2015:0566", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"}, {"name": "USN-2374-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2374-1"}, {"name": "RHSA-2015:1272", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1272.html"}, {"name": "https://github.com/torvalds/linux/commit/4ab25786c87eb20857bbb715c3ae34ec8fd6a214", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/4ab25786c87eb20857bbb715c3ae34ec8fd6a214"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4ab25786c87eb20857bbb715c3ae34ec8fd6a214", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4ab25786c87eb20857bbb715c3ae34ec8fd6a214"}, {"name": "USN-2379-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2379-1"}, {"name": "USN-2376-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2376-1"}, {"name": "SUSE-SU-2015:0812", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:35:57.036Z"}, "title": "CVE Program Container", "references": [{"name": "USN-2377-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2377-1"}, {"name": "RHSA-2014:1318", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1318.html"}, {"name": "USN-2375-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2375-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1141391"}, {"name": "69768", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/69768"}, {"name": "SUSE-SU-2015:0652", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://code.google.com/p/google-security-research/issues/detail?id=91"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2"}, {"name": "SUSE-SU-2015:0481", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"}, {"name": "[oss-security] 20140911 Multiple Linux USB driver CVE assignment", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/09/11/21"}, {"name": "USN-2378-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2378-1"}, {"name": "openSUSE-SU-2015:0566", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"}, {"name": "USN-2374-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2374-1"}, {"name": "RHSA-2015:1272", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1272.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/4ab25786c87eb20857bbb715c3ae34ec8fd6a214"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4ab25786c87eb20857bbb715c3ae34ec8fd6a214"}, {"name": "USN-2379-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2379-1"}, {"name": "USN-2376-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2376-1"}, {"name": "SUSE-SU-2015:0812", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2014-3184", "datePublished": "2014-09-28T10:00:00", "dateReserved": "2014-05-03T00:00:00", "dateUpdated": "2024-08-06T10:35:57.036Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8452407A-5074-4385-B9A1-9E49042CCAEB", "versionEndIncluding": "3.16.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "3CFFCDFC-AE4F-47EE-B1DA-05A6865D1745", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c."}, {"lang": "es", "value": "Las funciones report_fixup en el subsistema HID en el kernel de Linux anterior a 3.16.2 podr\u00edan permitir a atacantes f\u00edsicamente pr\u00f3ximos causar una denegaci\u00f3n de servicio (escritura fuera de rango) a trav\u00e9s de un dispositivo manipulado que proporciona un descriptor de informes peque\u00f1o, relacionado con (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, y (6) drivers/hid/hid-sunplus.c."}], "id": "CVE-2014-3184", "lastModified": "2023-11-07T02:19:57.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-09-28T10:55:10.220", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4ab25786c87eb20857bbb715c3ae34ec8fd6a214"}, {"source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-1318.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1272.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.openwall.com/lists/oss-security/2014/09/11/21"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securityfocus.com/bid/69768"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.ubuntu.com/usn/USN-2374-1"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.ubuntu.com/usn/USN-2375-1"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.ubuntu.com/usn/USN-2376-1"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.ubuntu.com/usn/USN-2377-1"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.ubuntu.com/usn/USN-2378-1"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.ubuntu.com/usn/USN-2379-1"}, {"source": "chrome-cve-admin@google.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1141391"}, {"source": "chrome-cve-admin@google.com", "url": "https://code.google.com/p/google-security-research/issues/detail?id=91"}, {"source": "chrome-cve-admin@google.com", "url": "https://github.com/torvalds/linux/commit/4ab25786c87eb20857bbb715c3ae34ec8fd6a214"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2015:1272", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-573.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-07-20T00:00:00Z"}, {"advisory": "RHSA-2014:1971", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-123.13.1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2014-12-09T00:00:00Z"}, {"advisory": "RHSA-2014:1318", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "kernel-rt-0:3.10.33-rt32.51.el6rt", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2014-09-29T00:00:00Z"}], "bugzilla": {"description": "Kernel: HID: off by one error in various _report_fixup routines", "id": "1141391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1141391"}, "csaw": false, "cvss": {"cvss_base_score": "1.2", "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:P/A:N", "status": "verified"}, "cwe": "CWE-193", "details": ["The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c.", "Multiple out-of-bounds write flaws were found in the way the Cherry Cymotion keyboard driver, KYE/Genius device drivers, Logitech device drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote control driver, and Sunplus wireless desktop driver handled HID reports with an invalid report descriptor size. An attacker with physical access to the system could use either of these flaws to write data past an allocated memory buffer."], "name": "CVE-2014-3184", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2014-08-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-3184\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3184"], "statement": "This issue did not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5.", "threat_severity": "Low"}