Multiple out-of-bounds write flaws were found in the way the Cherry Cymotion keyboard driver, KYE/Genius device drivers, Logitech device drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote control driver, and Sunplus wireless desktop driver handled HID reports with an invalid report descriptor size. An attacker with physical access to the system could use either of these flaws to write data past an allocated memory buffer.
Find out more about CVE-2014-3184 from the MITRE CVE dictionary dictionary and NIST NVD.
This issue did not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5.
| Base Score | 1.2 |
|---|---|
| Base Metrics | AV:L/AC:H/Au:N/C:N/I:P/A:N |
| Access Vector | Local |
| Access Complexity | High |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | Partial |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 6 (kernel) | RHSA-2015:1272 | 2015-07-20 |
| Red Hat Enterprise Linux 7 (kernel) | RHSA-2014:1971 | 2014-12-09 |
| Red Hat MRG Grid for RHEL 6 Server v.2 (kernel-rt) | RHSA-2014:1318 | 2014-09-29 |
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Not affected |
Vulmon