CVE-2014-3181

Published Sep 28, 2014

Last updated 9 months ago

Overview

Description: Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event.
Source: chrome-cve-admin@google.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.9
Impact score: 10
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD433771-7205-41B8-848A-FF1B51543C0D",
            "versionEndExcluding": "3.2.63",
            "versionStartIncluding": "2.6.37"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95E0847B-5988-4925-98FF-29EEE803ECC7",
            "versionEndExcluding": "3.4.104",
            "versionStartIncluding": "3.3"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2191FD4-0CB4-4F8A-8726-76D49FEA4D47",
            "versionEndExcluding": "3.10.56",
            "versionStartIncluding": "3.5"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67AF3C65-8392-4F2B-9177-BFE7217D2A9C",
            "versionEndExcluding": "3.12.31",
            "versionStartIncluding": "3.11"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77E5DE5F-B918-4793-8BD2-75145FAC7A19",
            "versionEndExcluding": "3.14.20",
            "versionStartIncluding": "3.13"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0038C65-82B1-4326-9FA6-3468B58A40B5",
            "versionEndExcluding": "3.16.4",
            "versionStartIncluding": "3.15"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References