USN-2379-1
Vulnerability Summary
Description
linux vulnerabilities

Steven Vittitoe reported multiple stack buffer overflows in the Linux kernel's magicmouse HID driver. A physically proximate attacker could exploit this flaw to cause a denial of service (system crash) or possibly execute arbitrary code via specially crafted devices. (CVE-2014-3181)

Ben Hawkes reported some off-by-one errors for report descriptors in the Linux kernel's HID stack. A physically proximate attacker could exploit these flaws to cause a denial of service (out-of-bounds write) via a specially crafted device. (CVE-2014-3184)

Several bounds check flaws allowing for buffer overflows were discovered in the Linux kernel's Whiteheat USB serial driver. A physically proximate attacker could exploit these flaws to cause a denial of service (system crash) via a specially crafted device. (CVE-2014-3185)

Steven Vittitoe reported a buffer overflow in the Linux kernel's PicoLCD HID device driver. A physically proximate attacker could exploit this flaw to cause a denial of service (system crash) or possibly execute arbitrary code via a specially crafted device. (CVE-2014-3186)

A flaw was discovered in the Linux kernel's associative-array garbage collection implementation. A local user could exploit this flaw to cause a denial of service (system crash) or possibly have other unspecified impact by using keyctl operations. (CVE-2014-3631)

A flaw was discovered in the Linux kernel's UDF filesystem (used on some CD-ROMs and DVDs) when processing indirect ICBs. An attacker who can cause a CD, DVD or image file with a specially crafted inode to be mounted can cause a denial of service (infinite loop or stack consumption). (CVE-2014-6410)

James Eckersall discovered a buffer overflow in the Ceph filesystem in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (memory consumption and panic) or possibly have other unspecified impact via a long unencrypted auth ticket. (CVE-2014-6416)

James Eckersall discovered a flaw in the handling of memory allocation failures in the Ceph filesystem. A remote attacker could exploit this flaw to cause a denial of service (system crash) or possibly have unspecified other impact. (CVE-2014-6417)

James Eckersall discovered a flaw in how the Ceph filesystem validates auth replies. A remote attacker could exploit this flaw to cause a denial of service (system crash) or possibly have other unspecified impact. (CVE-2014-6418)
Affected Systems
- ubuntu•linux < 3.13.0-37.64
References (10)
- https://ubuntu.com/security/notices/USN-2379-1
- https://ubuntu.com/security/CVE-2014-3181
- https://ubuntu.com/security/CVE-2014-3184
- https://ubuntu.com/security/CVE-2014-3185
- https://ubuntu.com/security/CVE-2014-3186
- https://ubuntu.com/security/CVE-2014-3631
- https://ubuntu.com/security/CVE-2014-6410
- https://ubuntu.com/security/CVE-2014-6416
- https://ubuntu.com/security/CVE-2014-6417
- https://ubuntu.com/security/CVE-2014-6418