CVE-2014-3182

Published Sep 28, 2014

Last updated 3 months ago

CVSS info 6.9

Overview

Description: Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value.
Source: chrome-cve-admin@google.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.9
Impact score: 10
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08F5EF97-E1B9-46F0-979B-E77F62DD8DB1",
            "versionEndExcluding": "3.2.63"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95E0847B-5988-4925-98FF-29EEE803ECC7",
            "versionEndExcluding": "3.4.104",
            "versionStartIncluding": "3.3"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9ACBC23-0CDB-475C-A567-6A4D9F322B31",
            "versionEndExcluding": "3.10.54",
            "versionStartIncluding": "3.5"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EDEAB94F-EC88-4575-BB26-4B55F09B4298",
            "versionEndExcluding": "3.12.28",
            "versionStartIncluding": "3.11"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E47EF9D-62CE-4AF1-A8C9-14E0D9AB3A76",
            "versionEndExcluding": "3.14.18",
            "versionStartIncluding": "3.13"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DAD07BE-4260-45D8-A744-53DE4E3DC346",
            "versionEndExcluding": "3.16.2",
            "versionStartIncluding": "3.15"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References