Bug 1141400 (CVE-2014-3185) - CVE-2014-3185 Kernel: USB serial: memory corruption flaw
Summary: CVE-2014-3185 Kernel: USB serial: memory corruption flaw
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2014-3185
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1141401 1141402 1141403 1141404 1141405 1141411 1173714
Blocks: 1140968
TreeView+ depends on / blocked
 
Reported: 2014-09-13 01:21 UTC by Prasad Pandit
Modified: 2021-02-17 06:13 UTC (History)
32 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A memory corruption flaw was found in the way the USB ConnectTech WhiteHEAT serial driver processed completion commands sent via USB Request Blocks buffers. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system.
Clone Of:
Environment:
Last Closed: 2016-02-10 08:00:33 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2014:1318 0 normal SHIPPED_LIVE Moderate: Red Hat Enterprise MRG Realtime 2.5 security and enhancement update 2014-09-29 23:41:06 UTC
Red Hat Product Errata RHSA-2014:1843 0 normal SHIPPED_LIVE Important: kernel security and bug fix update 2014-11-11 20:34:11 UTC
Red Hat Product Errata RHSA-2014:1971 0 normal SHIPPED_LIVE Important: kernel security and bug fix update 2014-12-10 01:33:29 UTC
Red Hat Product Errata RHSA-2015:0284 0 normal SHIPPED_LIVE Important: kernel security and bug fix update 2015-03-03 17:49:58 UTC

Description Prasad Pandit 2014-09-13 01:21:55 UTC
Linux kernel built with the USB Serial Converter support(USB_SERIAL) along with
a USB ConnectTech WhiteHEAT Serial Driver(CONFIG_USB_SERIAL_WHITEHEAT) is
vulnerable to a memory corruption flaw. It could occur when reading completion
commands via USB Request Blocks buffers.

A local user with physical access to the system could use this flaw to corrupt
kernel memory area or crash the system kernel resulting in DoS.

Upstream fix:
-------------
  -> https://git.kernel.org/linus/6817ae225cd650fb1c3295d769298c38b1eba818

Comment 1 Prasad Pandit 2014-09-13 01:24:08 UTC
Statement:

This issue affects the versions of the Linux kernel as shipped with
Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel
updates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may
address this issue.

Comment 4 Prasad Pandit 2014-09-13 02:32:52 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1141411]

Comment 5 errata-xmlrpc 2014-09-29 19:42:25 UTC
This issue has been addressed in the following products:

  MRG for RHEL-6 v.2

Via RHSA-2014:1318 https://rhn.redhat.com/errata/RHSA-2014-1318.html

Comment 6 Martin Prpič 2014-09-30 10:48:00 UTC
IssueDescription:

A memory corruption flaw was found in the way the USB ConnectTech WhiteHEAT serial driver processed completion commands sent via USB Request Blocks buffers. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system.

Comment 7 errata-xmlrpc 2014-11-11 15:34:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2014:1843 https://rhn.redhat.com/errata/RHSA-2014-1843.html

Comment 8 errata-xmlrpc 2014-12-09 20:35:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2014:1971 https://rhn.redhat.com/errata/RHSA-2014-1971.html

Comment 12 errata-xmlrpc 2015-03-03 12:50:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 EUS - Server and Compute Node Only

Via RHSA-2015:0284 https://rhn.redhat.com/errata/RHSA-2015-0284.html


Note You need to log in before you can comment on or make changes to this bug.