SB2014091814 - Fedora 21 update for kernel 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2014091814

SB2014091814 - Fedora 21 update for kernel

Published: September 18, 2014 Updated: April 24, 2025

Security Bulletin ID SB2014091814
Severity
High
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 33% Medium 33% Low 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Stack-based buffer overflow (CVE-ID: CVE-2014-3181)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Buffer overflow (CVE-ID: CVE-2014-3186)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to memory corruption within the picolcd_raw_event() function in drivers/hid/hid-picolcd_core.c. A local user can execute arbitrary code.


3) Resource management error (CVE-ID: CVE-2014-6410)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode.


Remediation

Install update from vendor's website.

References