USN-2379-1: Linux kernel vulnerabilities
First published: Thu Oct 09 2014(Updated: )
Steven Vittitoe reported multiple stack buffer overflows in Linux kernel's magicmouse HID driver. A physically proximate attacker could exploit this flaw to cause a denial of service (system crash) or possibly execute arbitrary code via specially crafted devices. (CVE-2014-3181) Ben Hawkes reported some off by one errors for report descriptors in the Linux kernel's HID stack. A physically proximate attacker could exploit these flaws to cause a denial of service (out-of-bounds write) via a specially crafted device. (CVE-2014-3184) Several bounds check flaws allowing for buffer overflows were discovered in the Linux kernel's Whiteheat USB serial driver. A physically proximate attacker could exploit these flaws to cause a denial of service (system crash) via a specially crafted device. (CVE-2014-3185) Steven Vittitoe reported a buffer overflow in the Linux kernel's PicoLCD HID device driver. A physically proximate attacker could exploit this flaw to cause a denial of service (system crash) or possibly execute arbitrary code via a specially craft device. (CVE-2014-3186) A flaw was discovered in the Linux kernel's associative-array garbage collection implementation. A local user could exploit this flaw to cause a denial of service (system crash) or possibly have other unspecified impact by using keyctl operations. (CVE-2014-3631) A flaw was discovered in the Linux kernel's UDF filesystem (used on some CD-ROMs and DVDs) when processing indirect ICBs. An attacker who can cause CD, DVD or image file with a specially crafted inode to be mounted can cause a denial of service (infinite loop or stack consumption). (CVE-2014-6410) James Eckersall discovered a buffer overflow in the Ceph filesystem in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (memory consumption and panic) or possibly have other unspecified impact via a long unencrypted auth ticket. (CVE-2014-6416) James Eckersall discovered a flaw in the handling of memory allocation failures in the Ceph filesystem. A remote attacker could exploit this flaw to cause a denial of service (system crash) or possibly have unspecified other impact. (CVE-2014-6417) James Eckersall discovered a flaw in how the Ceph filesystem validates auth replies. A remote attacker could exploit this flaw to cause a denial of service (system crash) or possibly have other unspecified impact. (CVE-2014-6418)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-3.13.0-37-generic | <3.13.0-37.64 | 3.13.0-37.64 |
| Ubuntu 22.04 LTS | =14.04 | |
| All of | ||
| ubuntu/linux-image-3.13.0-37-generic-lpae | <3.13.0-37.64 | 3.13.0-37.64 |
| Ubuntu 22.04 LTS | =14.04 | |
| All of | ||
| ubuntu/linux-image-3.13.0-37-lowlatency | <3.13.0-37.64 | 3.13.0-37.64 |
| Ubuntu 22.04 LTS | =14.04 | |
| All of | ||
| ubuntu/linux-image-3.13.0-37-powerpc-e500 | <3.13.0-37.64 | 3.13.0-37.64 |
| Ubuntu 22.04 LTS | =14.04 | |
| All of | ||
| ubuntu/linux-image-3.13.0-37-powerpc-e500mc | <3.13.0-37.64 | 3.13.0-37.64 |
| Ubuntu 22.04 LTS | =14.04 | |
| All of | ||
| ubuntu/linux-image-3.13.0-37-powerpc-smp | <3.13.0-37.64 | 3.13.0-37.64 |
| Ubuntu 22.04 LTS | =14.04 | |
| All of | ||
| ubuntu/linux-image-3.13.0-37-powerpc64-emb | <3.13.0-37.64 | 3.13.0-37.64 |
| Ubuntu 22.04 LTS | =14.04 | |
| All of | ||
| ubuntu/linux-image-3.13.0-37-powerpc64-smp | <3.13.0-37.64 | 3.13.0-37.64 |
| Ubuntu 22.04 LTS | =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2014-3181
- https://ubuntu.com/security/CVE-2014-3184
- https://ubuntu.com/security/CVE-2014-3185
- https://ubuntu.com/security/CVE-2014-3186
- https://ubuntu.com/security/CVE-2014-3631
- https://ubuntu.com/security/CVE-2014-6410
- https://ubuntu.com/security/CVE-2014-6416
- https://ubuntu.com/security/CVE-2014-6417
- https://ubuntu.com/security/CVE-2014-6418
- https://ubuntu.com/security/notices/USN-2378-1
- https://ubuntu.com/security/notices/USN-2376-1
- https://ubuntu.com/security/notices/USN-2377-1
- https://ubuntu.com/security/notices/USN-2375-1
- https://ubuntu.com/security/notices/USN-2374-1
- https://launchpad.net/ubuntu/+source/linux/3.13.0-37.64
- https://ubuntu.com/security/notices/USN-2379-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the severity of USN-2379-1?
The severity of USN-2379-1 is high due to multiple stack buffer overflows that could lead to system crashes or arbitrary code execution.
How do I fix USN-2379-1?
To fix USN-2379-1, you need to update your Linux kernel to version 3.13.0-37.64 or later on Ubuntu 14.04.
What products are affected by USN-2379-1?
USN-2379-1 affects multiple packages including linux-image-3.13.0-37-generic, linux-image-3.13.0-37-generic-lpae, and others on Ubuntu 14.04.
Who reported the vulnerability in USN-2379-1?
The vulnerability in USN-2379-1 was reported by Steven Vittitoe.
Can USN-2379-1 be exploited remotely?
No, USN-2379-1 requires physical access for an attacker to exploit the vulnerability.
- agent/references
- agent/type
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/title
- agent/weakness
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu 22.04 lts
- version/ubuntu 22.04 lts/14.04