Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2014-3185 | First vendor Publication | 2014-09-28 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 6.9 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 3.4 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:27522 | |||
| Oval ID: | oval:org.mitre.oval:def:27522 | ||
| Title: | ELSA-2014-1843 -- kernel security and bug fix update (important) | ||
| Description: | [2.6.32-504.1.3] - Revert: [net] revert 'bridge: Set vlan_features to allow offloads on vlans' (Vlad Yasevich) [1144442 1121991] [2.6.32-504.1.2] - [x86] kvm: fix PIT timer race condition (mguzik) [1149592 1149593] {CVE-2014-3611} - [x86] kvm: vmx: handle invept and invvpid vm exits gracefull (mguzik) [1144826 1144837 1144827 1144838] {CVE-2014-3646 CVE-2014-3645} [2.6.32-504.1.1] - [fs] call d_op->d_hash on last component of umount path (Abhijith Das) [1145193 1129712] - [usb] serial: memory corruption flaw (Jacob Tanenbaum) [1141401 1141402] {CVE-2014-3185} - [char] ipmi: Clear drvdata when interface is removed (Tony Camuso) [1149578 1135910] - [char] ipmi: init shadow_ipmi_smi_handlers early in ipmi_si_intf (Tony Camuso) [1149580 1139464] - [net] ipsec: update MAX_AH_AUTH_LEN to support sha512 (Herbert Xu) [1149083 1140103] - [net] revert 'bridge: Set vlan_features to allow offloads on vlans' (Vlad Yasevich) [1144442 1121991] - [netdrv] virtio-net: fix big buffer receiving (Jason Wang) [1148693 1144073] - [netdrv] tg3: prevent ifup/ifdown during PCI error recovery (Ivan Vecera) [1142570 1117009] | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-1843 CVE-2014-3611 CVE-2014-3645 CVE-2014-3646 CVE-2014-3185 | Version: | 3 |
| Platform(s): | Oracle Linux 6 | Product(s): | kernel |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2017-04-03 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2017-0057.nasl - Type : ACT_GATHER_INFO |
| 2015-07-30 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-1272.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0812-1.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0652-1.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0481-1.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0068-1.nasl - Type : ACT_GATHER_INFO |
| 2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-118.nasl - Type : ACT_GATHER_INFO |
| 2015-03-13 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0290.nasl - Type : ACT_GATHER_INFO |
| 2015-03-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0284.nasl - Type : ACT_GATHER_INFO |
| 2014-12-26 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-141217.nasl - Type : ACT_GATHER_INFO |
| 2014-12-26 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-141202.nasl - Type : ACT_GATHER_INFO |
| 2014-12-22 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-793.nasl - Type : ACT_GATHER_INFO |
| 2014-12-22 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-791.nasl - Type : ACT_GATHER_INFO |
| 2014-12-17 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15912.nasl - Type : ACT_GATHER_INFO |
| 2014-12-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1971.nasl - Type : ACT_GATHER_INFO |
| 2014-12-15 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141209_kernel_on_SL7_x.nasl - Type : ACT_GATHER_INFO |
| 2014-12-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1971.nasl - Type : ACT_GATHER_INFO |
| 2014-12-10 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1971.nasl - Type : ACT_GATHER_INFO |
| 2014-12-05 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-3096.nasl - Type : ACT_GATHER_INFO |
| 2014-11-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1843.nasl - Type : ACT_GATHER_INFO |
| 2014-11-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1843.nasl - Type : ACT_GATHER_INFO |
| 2014-11-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1843.nasl - Type : ACT_GATHER_INFO |
| 2014-11-04 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-3086.nasl - Type : ACT_GATHER_INFO |
| 2014-10-31 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-3085.nasl - Type : ACT_GATHER_INFO |
| 2014-10-31 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-3084.nasl - Type : ACT_GATHER_INFO |
| 2014-10-22 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-201.nasl - Type : ACT_GATHER_INFO |
| 2014-10-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2379-1.nasl - Type : ACT_GATHER_INFO |
| 2014-10-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2378-1.nasl - Type : ACT_GATHER_INFO |
| 2014-10-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2376-1.nasl - Type : ACT_GATHER_INFO |
| 2014-10-11 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2375-1.nasl - Type : ACT_GATHER_INFO |
| 2014-10-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2374-1.nasl - Type : ACT_GATHER_INFO |
| 2014-10-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1318.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-25 11:14:19 |
|
| 2024-10-23 01:27:03 |
|
| 2024-08-02 12:28:10 |
|
| 2024-08-02 01:08:26 |
|
| 2024-03-14 21:27:40 |
|
| 2024-03-12 12:24:55 |
|
| 2024-02-15 21:28:12 |
|
| 2024-02-02 01:27:22 |
|
| 2024-02-01 12:08:06 |
|
| 2023-12-29 01:23:56 |
|
| 2023-11-22 01:23:47 |
|
| 2023-11-07 21:45:19 |
|
| 2023-09-05 12:25:56 |
|
| 2023-09-05 01:08:00 |
|
| 2023-09-02 12:25:55 |
|
| 2023-09-02 01:08:07 |
|
| 2023-08-12 12:28:14 |
|
| 2023-08-12 01:07:37 |
|
| 2023-08-11 12:24:04 |
|
| 2023-08-11 01:07:48 |
|
| 2023-08-06 12:23:23 |
|
| 2023-08-06 01:07:35 |
|
| 2023-08-04 12:23:26 |
|
| 2023-08-04 01:07:39 |
|
| 2023-07-14 12:23:24 |
|
| 2023-07-14 01:07:38 |
|
| 2023-03-29 01:25:16 |
|
| 2023-03-28 12:07:59 |
|
| 2022-10-11 12:21:08 |
|
| 2022-10-11 01:07:47 |
|
| 2022-09-09 01:18:36 |
|
| 2022-03-11 01:17:26 |
|
| 2021-05-25 12:14:07 |
|
| 2021-05-04 12:31:25 |
|
| 2021-04-22 01:38:15 |
|
| 2020-08-11 12:10:54 |
|
| 2020-08-08 01:10:53 |
|
| 2020-08-07 12:11:02 |
|
| 2020-08-07 01:11:32 |
|
| 2020-08-01 12:10:53 |
|
| 2020-07-30 01:11:26 |
|
| 2020-05-23 01:51:58 |
|
| 2020-05-23 00:40:52 |
|
| 2019-01-25 12:06:16 |
|
| 2018-11-17 12:04:49 |
|
| 2018-10-30 12:06:52 |
|
| 2018-08-09 12:02:53 |
|
| 2018-04-25 12:05:41 |
|
| 2017-04-04 13:20:39 |
|
| 2017-03-22 12:00:48 |
|
| 2016-08-12 12:01:28 |
|
| 2016-07-13 12:00:44 |
|
| 2016-06-30 21:38:00 |
|
| 2016-06-28 22:47:53 |
|
| 2016-04-27 00:44:54 |
|
| 2015-07-31 13:28:37 |
|
| 2015-05-21 13:31:20 |
|
| 2015-05-12 09:27:36 |
|
| 2015-04-07 09:26:49 |
|
| 2015-03-27 13:28:08 |
|
| 2015-03-26 09:26:20 |
|
| 2015-03-18 09:26:43 |
|
| 2015-03-14 13:25:25 |
|
| 2015-03-06 13:25:45 |
|
| 2014-12-27 13:25:03 |
|
| 2014-12-23 13:26:30 |
|
| 2014-12-18 13:25:31 |
|
| 2014-12-16 13:25:13 |
|
| 2014-12-11 13:25:03 |
|
| 2014-12-06 13:27:00 |
|
| 2014-11-14 13:27:49 |
|
| 2014-11-13 13:27:00 |
|
| 2014-11-13 00:23:37 |
|
| 2014-11-05 13:28:29 |
|
| 2014-11-05 13:27:52 |
|
| 2014-11-01 13:26:39 |
|
| 2014-10-24 13:26:22 |
|
| 2014-10-23 13:24:52 |
|
| 2014-10-12 13:27:18 |
|
| 2014-10-02 13:27:14 |
|
| 2014-09-30 00:23:52 |
|
| 2014-09-28 17:23:43 |
|
