CVE-2015-7833 - The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in

CVE-2015-7833

Summary

The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor.

References

Vulnerable Configurations

cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12:sp1:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12:sp1:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.1:*:*:*:*:*:*:*

CVSS

Base:	4.9 (as of 13-09-2017 - 01:29)
Impact:
Exploitability:

CWE

CWE-17

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:C

refmap via4

bid	77030
bugtraq	20151007 Re: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (usbvision driver)
debian	DSA-3396 DSA-3426
misc	http://www.os-s.net/advisories/DOS-KernelCrashesOnInvalidUSBDeviceDescriptors-UsbvisionDriver.pdf https://bugzilla.redhat.com/show_bug.cgi?id=1201858
sectrack	1034452
suse	SUSE-SU-2016:1937 SUSE-SU-2016:1985 SUSE-SU-2016:2105 openSUSE-SU-2016:2184
ubuntu	USN-2929-1 USN-2929-2 USN-2932-1 USN-2947-1 USN-2947-2 USN-2947-3 USN-2948-1 USN-2948-2 USN-2967-1 USN-2967-2

Last major update

13-09-2017 - 01:29

Published

19-10-2015 - 10:59

Last modified

13-09-2017 - 01:29