First published: Thu Oct 09 2014
Steven Vittitoe reported multiple stack buffer overflows in the Linux kernel's magicmouse HID driver. A physically proximate attacker could exploit this flaw to cause a denial of service (system crash) or possibly execute arbitrary code via specially crafted devices. (CVE-2014-3181)

A bounds check error was discovered in the driver for the Logitech Unifying receivers and devices. A physically proximate attacker could exploit this flaw to cause a denial of service (invalid kfree) or to execute arbitrary code. (CVE-2014-3182)

Ben Hawkes reported some off-by-one errors for report descriptors in the Linux kernel's HID stack. A physically proximate attacker could exploit these flaws to cause a denial of service (out-of-bounds write) via a specially crafted device. (CVE-2014-3184)

Several bounds check flaws allowing for buffer overflows were discovered in the Linux kernel's Whiteheat USB serial driver. A physically proximate attacker could exploit these flaws to cause a denial of service (system crash) via a specially crafted device. (CVE-2014-3185)

Steven Vittitoe reported a buffer overflow in the Linux kernel's PicoLCD HID device driver. A physically proximate attacker could exploit this flaw to cause a denial of service (system crash) or possibly execute arbitrary code via a specially crafted device. (CVE-2014-3186)

A flaw was discovered in the Linux kernel's UDF filesystem (used on some CD-ROMs and DVDs) when processing indirect ICBs. An attacker who can cause a CD, DVD or image file with a specially crafted inode to be mounted can cause a denial of service (infinite loop or stack consumption). (CVE-2014-6410)

James Eckersall discovered a buffer overflow in the Ceph filesystem in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (memory consumption and panic) or possibly have other unspecified impact via a long unencrypted auth ticket. (CVE-2014-6416)

James Eckersall discovered a flaw in the handling of memory allocation failures in the Ceph filesystem. A remote attacker could exploit this flaw to cause a denial of service (system crash) or possibly have unspecified other impact. (CVE-2014-6417)

James Eckersall discovered a flaw in how the Ceph filesystem validates auth replies. A remote attacker could exploit this flaw to cause a denial of service (system crash) or possibly have other unspecified impact. (CVE-2014-6418)

Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/linux-image-3.2.0-70-generic-pae | <3.2.0-70.105 | 3.2.0-70.105 |
Ubuntu 22.04 LTS | =12.04 | |
All of | ||
ubuntu/linux-image-3.2.0-70-omap | <3.2.0-70.105 | 3.2.0-70.105 |
Ubuntu 22.04 LTS | =12.04 | |
All of | ||
ubuntu/linux-image-3.2.0-70-powerpc-smp | <3.2.0-70.105 | 3.2.0-70.105 |
Ubuntu 22.04 LTS | =12.04 | |
All of | ||
ubuntu/linux-image-3.2.0-70-powerpc64-smp | <3.2.0-70.105 | 3.2.0-70.105 |
Ubuntu 22.04 LTS | =12.04 | |
All of | ||
ubuntu/linux-image-3.2.0-70-generic | <3.2.0-70.105 | 3.2.0-70.105 |
Ubuntu 22.04 LTS | =12.04 | |
All of | ||
ubuntu/linux-image-3.2.0-70-highbank | <3.2.0-70.105 | 3.2.0-70.105 |
Ubuntu 22.04 LTS | =12.04 | |
All of | ||
ubuntu/linux-image-3.2.0-70-virtual | <3.2.0-70.105 | 3.2.0-70.105 |
Ubuntu 22.04 LTS | =12.04 | |
USN-2376-1 is considered a high severity vulnerability due to the potential for denial of service and arbitrary code execution.
To mitigate USN-2376-1, update the affected Linux kernel packages to version 3.2.0-70.105 or later.
USN-2376-1 affects Ubuntu 12.04 systems running specific versions of the Linux kernel.
USN-2376-1 allows a physically proximate attacker to exploit buffer overflows in the magicmouse HID driver.
The vulnerability in USN-2376-1 is caused by multiple stack buffer overflows within the Linux kernel's magicmouse HID driver.
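One way to check a host's package list against the fixed version 3.2.0-70.105 from the table above. This is an added example, not part of the advisory; the function names, the numeric-only version comparison and the sample input are assumptions made for illustration.

```python
import re

# Fixed version and package names as listed in the advisory table above.
FIXED_VERSION = "3.2.0-70.105"
FLAVOURS = ("generic", "generic-pae", "omap", "powerpc-smp",
            "powerpc64-smp", "highbank", "virtual")
AFFECTED = {f"linux-image-3.2.0-70-{f}" for f in FLAVOURS}


def version_key(version):
    # '3.2.0-70.105' -> (3, 2, 0, 70, 105). Simplification: not full Debian
    # version ordering (no epochs, no '~'); enough for these numeric versions.
    return tuple(int(n) for n in re.findall(r"\d+", version))


def unpatched(dpkg_lines):
    # Input lines are 'package version want flag state', as printed by
    #   dpkg-query -W -f='${Package} ${Version} ${Status}\n'
    # Returns sorted (package, version) pairs installed below the fix.
    hits = []
    for line in dpkg_lines.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # blank line, or a never-installed package with no version
        package, version, _want, _flag, state = fields
        if package not in AFFECTED:
            continue  # not one of the packages named in the table
        if state != "installed":
            continue  # e.g. 'config-files': removed, only config left on disk
        if version_key(version) < version_key(FIXED_VERSION):
            hits.append((package, version))
    return sorted(hits)


# Constructed sample input, not taken from a real host.
SAMPLE = """\
linux-image-3.2.0-70-generic 3.2.0-70.104 install ok installed
linux-image-3.2.0-70-virtual 3.2.0-70.105 install ok installed
linux-image-3.2.0-70-omap 3.2.0-70.104 deinstall ok config-files
openssh-server 1:5.9p1-5ubuntu1.4 install ok installed
"""

if __name__ == "__main__":
    for package, version in unpatched(SAMPLE):
        print(f"{package} {version} is older than {FIXED_VERSION}")
```

An updated package only takes effect once the host has booted into the new kernel, so compare the running kernel as well (Ubuntu exposes it in `/proc/version_signature`).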