ID CVE-2015-7833
Summary The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor.
References
Vulnerable Configurations
  • cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12:sp1:*:*:*:*:*:*
    cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12:sp1:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.1:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.1:*:*:*:*:*:*:*
CVSS
Base: 4.9 (as of 13-09-2017 - 01:29)
Impact:
Exploitability:
CWE CWE-17
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:C
refmap via4
bid 77030
bugtraq 20151007 Re: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (usbvision driver)
debian
  • DSA-3396
  • DSA-3426
misc
sectrack 1034452
suse
  • SUSE-SU-2016:1937
  • SUSE-SU-2016:1985
  • SUSE-SU-2016:2105
  • openSUSE-SU-2016:2184
ubuntu
  • USN-2929-1
  • USN-2929-2
  • USN-2932-1
  • USN-2947-1
  • USN-2947-2
  • USN-2947-3
  • USN-2948-1
  • USN-2948-2
  • USN-2967-1
  • USN-2967-2
Last major update 13-09-2017 - 01:29
Published 19-10-2015 - 10:59
Last modified 13-09-2017 - 01:29
Back to Top