CVE-2014-3186

Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

History

06 Jun 2024, 19:46

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:3.16.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.16.0:*:*:*:*:*:*:*
cpe:2.3:h:google:nexus_7:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.16.2:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
References () http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=844817e47eef14141cf59b8d5ac08dd11c0a9189 - () http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=844817e47eef14141cf59b8d5ac08dd11c0a9189 - Vendor Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html - () http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html - () http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2014/09/11/22 - () http://www.openwall.com/lists/oss-security/2014/09/11/22 - Mailing List
References () http://www.securityfocus.com/bid/69763 - () http://www.securityfocus.com/bid/69763 - Third Party Advisory, VDB Entry
References () http://www.ubuntu.com/usn/USN-2376-1 - () http://www.ubuntu.com/usn/USN-2376-1 - Third Party Advisory
References () http://www.ubuntu.com/usn/USN-2377-1 - () http://www.ubuntu.com/usn/USN-2377-1 - Third Party Advisory
References () http://www.ubuntu.com/usn/USN-2378-1 - () http://www.ubuntu.com/usn/USN-2378-1 - Third Party Advisory
References () http://www.ubuntu.com/usn/USN-2379-1 - () http://www.ubuntu.com/usn/USN-2379-1 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=1141407 - () https://bugzilla.redhat.com/show_bug.cgi?id=1141407 - Issue Tracking, Third Party Advisory
References () https://code.google.com/p/google-security-research/issues/detail?id=101 - () https://code.google.com/p/google-security-research/issues/detail?id=101 - Third Party Advisory
References () https://github.com/torvalds/linux/commit/844817e47eef14141cf59b8d5ac08dd11c0a9189 - () https://github.com/torvalds/linux/commit/844817e47eef14141cf59b8d5ac08dd11c0a9189 - Third Party Advisory
First Time Canonical ubuntu Linux
Canonical

07 Nov 2023, 02:19

Type Values Removed Values Added
References
  • {'url': 'http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=844817e47eef14141cf59b8d5ac08dd11c0a9189', 'name': 'http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=844817e47eef14141cf59b8d5ac08dd11c0a9189', 'tags': [], 'refsource': 'CONFIRM'}
  • () http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=844817e47eef14141cf59b8d5ac08dd11c0a9189 -
References (UBUNTU) http://www.ubuntu.com/usn/USN-2377-1 - () http://www.ubuntu.com/usn/USN-2377-1 -
References (BID) http://www.securityfocus.com/bid/69763 - () http://www.securityfocus.com/bid/69763 -
References (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=1141407 - () https://bugzilla.redhat.com/show_bug.cgi?id=1141407 -
References (UBUNTU) http://www.ubuntu.com/usn/USN-2378-1 - () http://www.ubuntu.com/usn/USN-2378-1 -
References (MLIST) http://www.openwall.com/lists/oss-security/2014/09/11/22 - () http://www.openwall.com/lists/oss-security/2014/09/11/22 -
References (MISC) https://code.google.com/p/google-security-research/issues/detail?id=101 - Exploit, Patch () https://code.google.com/p/google-security-research/issues/detail?id=101 -
References (UBUNTU) http://www.ubuntu.com/usn/USN-2376-1 - () http://www.ubuntu.com/usn/USN-2376-1 -
References (UBUNTU) http://www.ubuntu.com/usn/USN-2379-1 - () http://www.ubuntu.com/usn/USN-2379-1 -
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html - () http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html -
References (CONFIRM) https://github.com/torvalds/linux/commit/844817e47eef14141cf59b8d5ac08dd11c0a9189 - () https://github.com/torvalds/linux/commit/844817e47eef14141cf59b8d5ac08dd11c0a9189 -
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html - () http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html -

Information

Published : 2014-09-28 10:55

Updated : 2024-06-06 19:46


NVD link : CVE-2014-3186

Mitre link : CVE-2014-3186

CVE.ORG link : CVE-2014-3186


JSON object : View

Products Affected

linux

  • linux_kernel

canonical

  • ubuntu_linux
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer