CVE-2014-8884

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 30-11-2014 02:59

Last modified: - 21-09-2022 08:44

Total changes: - 2

Description

Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:L/Au:N/C:P/I:P/A:C

Low

Attack complexity

Local

Attack vector

High

Availability

Low

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

6.1

Base score

3.9

8.5

Exploitability score

Impact score

Verification logic

Reference

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f2e323ec96077642d397bb1c355def536d489d16
https://bugzilla.redhat.com/show_bug.cgi?id=1164266
[oss-security] 20141114 Re: CVE Request: Linux kernel: ttusb-dec: overflow by descriptor-
https://github.com/torvalds/linux/commit/f2e323ec96077642d397bb1c355def536d489d16
62305-
DSA-3093-
RHSA-2015:0290-
RHSA-2015:0782-
RHSA-2015:0864-

Keywords

CVE-2014-8884

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2014-8884

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures