PT-2014-5125 · Linux+5 · Linux Kernel+5

James Forshaw · Published 2014-09-09 · Updated 2024-03-14 · CVE-2014-3185

CVSS v2.0: 6.9 (Medium)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.16.2

Description: Multiple buffer overflows exist in the command port read callback function in drivers/usb/serial/whiteheat.c, part of the Whiteheat USB Serial Driver. They allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash). The attack is carried out via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response.

Recommendations: For Linux kernel versions prior to 3.16.2, update to version 3.16.2 or later to resolve the issue. As a temporary workaround, consider restricting access to USB devices or disabling the command port read callback function in the Whiteheat USB Serial Driver until a patch is applied. Additionally, avoid connecting crafted devices that could exploit this vulnerability.
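
The bug class named in the description, shown as a simplified userspace model of a bulk-response handler with the missing length check beside its hardened form. This is an added example, not the kernel's code or the upstream patch; the struct, function names, buffer size and one-byte status layout are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical size: the driver's real buffer size is not given on this page. */
#define RESULT_BUF_SIZE 64

struct cmd_state {
    unsigned char result[RESULT_BUF_SIZE];
    size_t result_len;
};

/* Unsafe pattern: the copy length comes straight from the device.
 * A zero-length response underflows (actual_len - 1) and a long one
 * writes past result[]. Only safe if the caller already bounded it. */
static void copy_response_unchecked(struct cmd_state *st,
                                    const unsigned char *data, size_t actual_len)
{
    memcpy(st->result, data + 1, actual_len - 1);
    st->result_len = actual_len - 1;
}

/* Hardened form: validate the device-reported length before copying.
 * Assumed layout (not from the page): byte 0 is a status code, the rest
 * is payload. Returns 0 on success, -1 when the response is rejected. */
static int copy_response_checked(struct cmd_state *st,
                                 const unsigned char *data, size_t actual_len)
{
    if (data == NULL || actual_len == 0)
        return -1;                      /* empty response: nothing to parse */
    if (actual_len - 1 > sizeof(st->result))
        return -1;                      /* oversized response: drop it */
    memcpy(st->result, data + 1, actual_len - 1);
    st->result_len = actual_len - 1;
    return 0;
}

int main(void)
{
    struct cmd_state st = {0};
    unsigned char small[4] = {0x01, 'a', 'b', 'c'};     /* constructed sample */
    unsigned char big[RESULT_BUF_SIZE + 32] = {0x01};   /* constructed, oversized */

    copy_response_unchecked(&st, small, sizeof(small)); /* in-bounds input only */
    if (copy_response_checked(&st, small, sizeof(small)) != 0) return 1;
    if (copy_response_checked(&st, big, sizeof(big)) != -1) return 1;
    return copy_response_checked(&st, big, 0) == -1 ? 0 : 1;
}
```

The checked variant rejects an oversized response rather than truncating it; either choice keeps the write inside the buffer.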

Exploit

Fix

DoS

Buffer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2014-2106
ALT-PU-2015-1794
AZL-34323
AZL-34849
CESA-2014_1843
CESA-2014_1971
CVE-2014-3185
DLA-118-1
OPENSUSE-SU-2014_1669-1
OPENSUSE-SU-2014_1677-1
RHSA-2014:1318
RHSA-2014:1843
RHSA-2014:1971
RHSA-2014_1843
RHSA-2014_1971
RHSA-2015:0284
SUSE-RU-2015:0621-1
SUSE-SU-2015:0481-1
SUSE-SU-2015:0581-1
SUSE-SU-2015:0652-1
SUSE-SU-2015:0736-1
SUSE-SU-2015:1174-1
SUSE-SU-2015:1376-1
USN-2374-1
USN-2375-1
USN-2376-1
USN-2377-1
USN-2378-1
USN-2379-1

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu