PT-2014-5123 · Linux+1 · Linux Kernel+1
Ben Hawkes · Published 2014-09-09 · Updated 2023-12-29 · CVE-2014-3183
CVSS v2.0: 6.9 (Medium)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 3.16.2
Description
The issue is a heap-based buffer overflow in the logi_dj_ll_raw_request function, located in drivers/hid/hid-logitech-dj.c in the Linux kernel. The overflow can be triggered by a crafted device that specifies a large report size for an LED report, allowing physically proximate attackers to cause a denial of service, such as a system crash, or possibly execute arbitrary code.
Recommendations
For Linux kernel versions prior to 3.16.2, update to version 3.16.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the logi_dj_ll_raw_request function until a patch is available.
Exploit
Fix
DoS
Buffer Overflow
Affected Products
Alt Linux
Linux Kernel