CVE-2014-3185: Improper Restriction of Operations within the Bounds of a Memory Buffer in Kernel

Severity
6.9 MEDIUM (NVD)
OSV 4.3
EPSS: 0.1% (top 72.01%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 28
Latest update: Jun 11

Description

Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response.

CVSS vector

AV:L/AC:M/C:C/I:C/A:C
Exploitability: 3.4 | Impact: 10.0

Affected Packages (9 packages)

NVD: linux/linux_kernel 3.33.4.104+5
Debian: linux/linux_kernel < 3.16.2-2+3
Ubuntu: linux/linux_kernel < 3.13.0-37.64
debian: debian/linux < linux 3.16.2-2 (bookworm)

🔴 Vulnerability Details (4)

GHSA: GHSA-2jr7-m5j8-2vf4: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat (2022-05-17)
OSV: php5 vulnerabilities (2016-04-21)
OSV: linux vulnerabilities (2014-10-09)
OSV: CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat (2014-09-28)

📋 Vendor Advisories (9)

Microsoft: CVE-2014-3185: NIST NVD Details: https://nvd (2024-06-11)
Ubuntu: Linux kernel (Trusty HWE) vulnerabilities (2014-10-09)
Ubuntu: Linux kernel vulnerabilities (2014-10-09)
Ubuntu: Linux kernel vulnerabilities (2014-10-09)
Ubuntu: Linux kernel (OMAP4) vulnerabilities (2014-10-09)

💬 Community (2)

Bugzilla: CVE-2014-3185 Kernel: USB serial: memory corruption flaw [fedora-all] (2014-09-13)
Bugzilla: CVE-2014-3185 Kernel: USB serial: memory corruption flaw (2014-09-13)