Vulnerabilites related to novell - suse_linux_enterprise_module_for_public_cloud
cve-2016-3138
Vulnerability from cvelistv5
Published
2016-05-02 10:00
Modified
2024-08-05 23:47
Severity ?
EPSS score ?
Summary
The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:47:57.268Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-2971-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2971-2", }, { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "SUSE-SU-2016:1696", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { name: "USN-2970-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2970-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8835ba4a39cf53f705417b3b3a94eb067673f2c9", }, { name: "USN-2969-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2969-1", }, { name: "USN-2968-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2968-1", }, { name: "USN-2971-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2971-3", }, { name: "USN-2997-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "SUSE-SU-2016:1764", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-2971-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2971-1", }, { name: "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cdc_acm driver)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/03/14/4", }, { name: "SUSE-SU-2016:1707", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { name: "USN-2996-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "USN-2968-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2968-2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1316204", }, { name: "openSUSE-SU-2016:1382", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { name: "SUSE-SU-2016:2074", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/8835ba4a39cf53f705417b3b3a94eb067673f2c9", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-14T00:00:00", descriptions: [ { lang: "en", value: "The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-06T16:15:49", orgId: "f81092c5-7f14-476d-80dc-24857f90be84", shortName: "microfocus", }, references: [ { name: "USN-2971-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2971-2", }, { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "SUSE-SU-2016:1696", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { name: "USN-2970-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2970-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8835ba4a39cf53f705417b3b3a94eb067673f2c9", }, { name: "USN-2969-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2969-1", }, { name: "USN-2968-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2968-1", }, { name: "USN-2971-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2971-3", }, { name: "USN-2997-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "SUSE-SU-2016:1764", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-2971-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2971-1", }, { name: "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cdc_acm driver)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/03/14/4", }, { name: "SUSE-SU-2016:1707", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { name: "USN-2996-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "USN-2968-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2968-2", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1316204", }, { name: "openSUSE-SU-2016:1382", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { name: "SUSE-SU-2016:2074", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/torvalds/linux/commit/8835ba4a39cf53f705417b3b3a94eb067673f2c9", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@microfocus.com", ID: "CVE-2016-3138", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "USN-2971-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2971-2", }, { name: "SUSE-SU-2016:1690", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "SUSE-SU-2016:1696", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { name: "USN-2970-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2970-1", }, { name: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8835ba4a39cf53f705417b3b3a94eb067673f2c9", refsource: "CONFIRM", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8835ba4a39cf53f705417b3b3a94eb067673f2c9", }, { name: "USN-2969-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2969-1", }, { name: "USN-2968-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2968-1", }, { name: "USN-2971-3", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2971-3", }, { name: "USN-2997-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "SUSE-SU-2016:1764", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "DSA-3607", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-2971-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2971-1", }, { name: "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cdc_acm driver)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/03/14/4", }, { name: "SUSE-SU-2016:1707", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { name: "USN-2996-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "SUSE-SU-2016:1672", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "USN-2968-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2968-2", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1316204", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1316204", }, { name: "openSUSE-SU-2016:1382", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { name: "SUSE-SU-2016:2074", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { name: "https://github.com/torvalds/linux/commit/8835ba4a39cf53f705417b3b3a94eb067673f2c9", refsource: "CONFIRM", url: "https://github.com/torvalds/linux/commit/8835ba4a39cf53f705417b3b3a94eb067673f2c9", }, { name: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", refsource: "CONFIRM", url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f81092c5-7f14-476d-80dc-24857f90be84", assignerShortName: "microfocus", cveId: "CVE-2016-3138", datePublished: "2016-05-02T10:00:00", dateReserved: "2016-03-13T00:00:00", dateUpdated: "2024-08-05T23:47:57.268Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-4997
Vulnerability from cvelistv5
Published
2016-07-03 21:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:46:40.226Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SU-2016:2180", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { name: "SUSE-SU-2016:1709", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00060.html", }, { name: "USN-3017-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3017-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", }, { name: "SUSE-SU-2016:1985", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { name: "USN-3017-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3017-3", }, { name: "RHSA-2016:1847", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1847.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1349722", }, { name: "openSUSE-SU-2016:2184", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { name: "USN-3018-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3018-2", }, { name: "SUSE-SU-2016:2174", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html", }, { name: "USN-3017-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3017-2", }, { name: "RHSA-2016:1875", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1875.html", }, { name: "USN-3019-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3019-1", }, { name: "SUSE-SU-2016:2018", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-3016-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3016-2", }, { name: "USN-3016-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3016-1", }, { name: "[oss-security] 20160624 Linux CVE-2016-4997 (local privilege escalation) and CVE-2016-4998 (out of bounds memory access)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/06/24/5", }, { name: "SUSE-SU-2016:2181", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html", }, { name: "SUSE-SU-2016:2178", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html", }, { name: "40435", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/40435/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/ce683e5f9d045e5d67d1312a42b359cb2ab2a13c", }, { name: "USN-3018-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3018-1", }, { name: "1036171", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036171", }, { name: "40489", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/40489/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { name: "SUSE-SU-2016:2177", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html", }, { name: "RHSA-2016:1883", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1883.html", }, { name: "SUSE-SU-2016:2179", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html", }, { name: "SUSE-SU-2016:2105", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { name: "USN-3016-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3016-3", }, { name: "SUSE-SU-2016:1710", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00061.html", }, { name: "[oss-security] 20160929 CVE request - Linux kernel through 4.6.2 allows escalade privileges via IP6T_SO_SET_REPLACE compat setsockopt call", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/09/29/10", }, { name: "USN-3016-4", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3016-4", }, { name: "91451", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/91451", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce683e5f9d045e5d67d1312a42b359cb2ab2a13c", }, { name: "USN-3020-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3020-1", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/nccgroup/TriforceLinuxSyscallFuzzer/tree/master/crash_reports/report_compatIpt", }, { name: "SUSE-SU-2016:1937", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-06-24T00:00:00", descriptions: [ { lang: "en", value: "The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "SUSE-SU-2016:2180", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { name: "SUSE-SU-2016:1709", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00060.html", }, { name: "USN-3017-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3017-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", }, { name: "SUSE-SU-2016:1985", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { name: "USN-3017-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3017-3", }, { name: "RHSA-2016:1847", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1847.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1349722", }, { name: "openSUSE-SU-2016:2184", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { name: "USN-3018-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3018-2", }, { name: "SUSE-SU-2016:2174", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html", }, { name: "USN-3017-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3017-2", }, { name: "RHSA-2016:1875", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1875.html", }, { name: "USN-3019-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3019-1", }, { name: "SUSE-SU-2016:2018", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-3016-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3016-2", }, { name: "USN-3016-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3016-1", }, { name: "[oss-security] 20160624 Linux CVE-2016-4997 (local privilege escalation) and CVE-2016-4998 (out of bounds memory access)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/06/24/5", }, { name: "SUSE-SU-2016:2181", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html", }, { name: "SUSE-SU-2016:2178", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html", }, { name: "40435", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/40435/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/torvalds/linux/commit/ce683e5f9d045e5d67d1312a42b359cb2ab2a13c", }, { name: "USN-3018-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3018-1", }, { name: "1036171", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036171", }, { name: "40489", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/40489/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { name: "SUSE-SU-2016:2177", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html", }, { name: "RHSA-2016:1883", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1883.html", }, { name: "SUSE-SU-2016:2179", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html", }, { name: "SUSE-SU-2016:2105", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { name: "USN-3016-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3016-3", }, { name: "SUSE-SU-2016:1710", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00061.html", }, { name: "[oss-security] 20160929 CVE request - Linux kernel through 4.6.2 allows escalade privileges via IP6T_SO_SET_REPLACE compat setsockopt call", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/09/29/10", }, { name: "USN-3016-4", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3016-4", }, { name: "91451", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/91451", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce683e5f9d045e5d67d1312a42b359cb2ab2a13c", }, { name: "USN-3020-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3020-1", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/nccgroup/TriforceLinuxSyscallFuzzer/tree/master/crash_reports/report_compatIpt", }, { name: "SUSE-SU-2016:1937", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-4997", datePublished: "2016-07-03T21:00:00", dateReserved: "2016-05-24T00:00:00", dateUpdated: "2024-08-06T00:46:40.226Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-3134
Vulnerability from cvelistv5
Published
2016-04-27 17:00
Modified
2024-08-05 23:47
Severity ?
EPSS score ?
Summary
The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:47:57.222Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://code.google.com/p/google-security-research/issues/detail?id=758", }, { name: "SUSE-SU-2016:2010", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html", }, { name: "USN-2930-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2930-1", }, { name: "SUSE-SU-2016:1696", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1317383", }, { name: "SUSE-SU-2016:1994", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { name: "SUSE-SU-2016:1961", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", }, { name: "USN-2930-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2930-2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309", }, { name: "SUSE-SU-2016:2001", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html", }, { name: "SUSE-SU-2016:1985", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { name: "RHSA-2016:1847", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1847.html", }, { name: "SUSE-SU-2016:2006", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html", }, { name: "USN-3049-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3049-1", }, { name: "RHSA-2016:1875", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1875.html", }, { name: "SUSE-SU-2016:2014", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html", }, { name: "openSUSE-SU-2016:1641", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { name: "SUSE-SU-2016:1764", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "USN-2930-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2930-3", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "1036763", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036763", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "SUSE-SU-2016:2009", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html", }, { name: "USN-2929-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2929-1", }, { name: "USN-2932-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2932-1", }, { name: "USN-3050-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3050-1", }, { name: "SUSE-SU-2016:2005", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html", }, { name: "SUSE-SU-2016:2007", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html", }, { name: "SUSE-SU-2016:2074", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { name: "SUSE-SU-2016:2000", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html", }, { name: "RHSA-2016:1883", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1883.html", }, { name: "SUSE-SU-2016:1995", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html", }, { name: "SUSE-SU-2016:2002", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html", }, { name: "USN-2931-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2931-1", }, { name: "USN-2929-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2929-2", }, { name: "84305", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/84305", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-04-27T00:00:00", descriptions: [ { lang: "en", value: "The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-06T16:15:29", orgId: "f81092c5-7f14-476d-80dc-24857f90be84", shortName: "microfocus", }, references: [ { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309", }, { tags: [ "x_refsource_MISC", ], url: "https://code.google.com/p/google-security-research/issues/detail?id=758", }, { name: "SUSE-SU-2016:2010", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html", }, { name: "USN-2930-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2930-1", }, { name: "SUSE-SU-2016:1696", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1317383", }, { name: "SUSE-SU-2016:1994", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { name: "SUSE-SU-2016:1961", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", }, { name: "USN-2930-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2930-2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309", }, { name: "SUSE-SU-2016:2001", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html", }, { name: "SUSE-SU-2016:1985", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { name: "RHSA-2016:1847", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1847.html", }, { name: "SUSE-SU-2016:2006", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html", }, { name: "USN-3049-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3049-1", }, { name: "RHSA-2016:1875", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1875.html", }, { name: "SUSE-SU-2016:2014", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html", }, { name: "openSUSE-SU-2016:1641", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { name: "SUSE-SU-2016:1764", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "USN-2930-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2930-3", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "1036763", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036763", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "SUSE-SU-2016:2009", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html", }, { name: "USN-2929-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2929-1", }, { name: "USN-2932-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2932-1", }, { name: "USN-3050-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3050-1", }, { name: "SUSE-SU-2016:2005", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html", }, { name: "SUSE-SU-2016:2007", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html", }, { name: "SUSE-SU-2016:2074", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { name: "SUSE-SU-2016:2000", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html", }, { name: "RHSA-2016:1883", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1883.html", }, { name: "SUSE-SU-2016:1995", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html", }, { name: "SUSE-SU-2016:2002", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html", }, { name: "USN-2931-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2931-1", }, { name: "USN-2929-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2929-2", }, { name: "84305", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/84305", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@microfocus.com", ID: "CVE-2016-3134", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "SUSE-SU-2016:1690", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309", refsource: "CONFIRM", url: "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309", }, { name: "https://code.google.com/p/google-security-research/issues/detail?id=758", refsource: "MISC", url: "https://code.google.com/p/google-security-research/issues/detail?id=758", }, { name: "SUSE-SU-2016:2010", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html", }, { name: "USN-2930-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2930-1", }, { name: "SUSE-SU-2016:1696", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1317383", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1317383", }, { name: "SUSE-SU-2016:1994", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html", }, { name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { name: "SUSE-SU-2016:1961", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html", }, { name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", }, { name: "USN-2930-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2930-2", }, { name: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309", refsource: "CONFIRM", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309", }, { name: "SUSE-SU-2016:2001", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html", }, { name: "SUSE-SU-2016:1985", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { name: "RHSA-2016:1847", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-1847.html", }, { name: "SUSE-SU-2016:2006", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html", }, { name: "USN-3049-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3049-1", }, { name: "RHSA-2016:1875", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-1875.html", }, { name: "SUSE-SU-2016:2014", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html", }, { name: "openSUSE-SU-2016:1641", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { name: "SUSE-SU-2016:1764", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "USN-2930-3", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2930-3", }, { name: "DSA-3607", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "1036763", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036763", }, { name: "SUSE-SU-2016:1672", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "SUSE-SU-2016:2009", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html", }, { name: "USN-2929-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2929-1", }, { name: "USN-2932-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2932-1", }, { name: "USN-3050-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3050-1", }, { name: "SUSE-SU-2016:2005", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html", }, { name: "SUSE-SU-2016:2007", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html", }, { name: "SUSE-SU-2016:2074", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { name: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { name: "SUSE-SU-2016:2000", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html", }, { name: "RHSA-2016:1883", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-1883.html", }, { name: "SUSE-SU-2016:1995", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html", }, { name: "SUSE-SU-2016:2002", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html", }, { name: "USN-2931-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2931-1", }, { name: "USN-2929-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2929-2", }, { name: "84305", refsource: "BID", url: "http://www.securityfocus.com/bid/84305", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f81092c5-7f14-476d-80dc-24857f90be84", assignerShortName: "microfocus", cveId: "CVE-2016-3134", datePublished: "2016-04-27T17:00:00", dateReserved: "2016-03-13T00:00:00", dateUpdated: "2024-08-05T23:47:57.222Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-4486
Vulnerability from cvelistv5
Published
2016-05-23 10:00
Modified
2024-08-06 00:32
Severity ?
EPSS score ?
Summary
The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:32:25.246Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "USN-3006-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3006-1", }, { name: "USN-3004-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3004-1", }, { name: "USN-3001-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3001-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1333316", }, { name: "SUSE-SU-2016:1696", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/5f8e44741f9f216e33736ea4ec65ca9ac03036e6", }, { name: "90051", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/90051", }, { name: "USN-3005-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3005-1", }, { name: "SUSE-SU-2016:1985", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { name: "openSUSE-SU-2016:2184", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { name: "46006", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/46006/", }, { name: "openSUSE-SU-2016:1641", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { name: "USN-2997-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "USN-3000-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3000-1", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-3002-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3002-1", }, { name: "USN-2996-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "USN-2989-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2989-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6", }, { name: "USN-3007-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3007-1", }, { name: "SUSE-SU-2016:2074", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5", }, { name: "USN-3003-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3003-1", }, { name: "SUSE-SU-2016:2105", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { name: "USN-2998-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2998-1", }, { name: "[oss-security] 20160504 CVE Request: kernel information leak vulnerability in rtnetlink", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/05/04/27", }, { name: "SUSE-SU-2016:1937", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-05-04T00:00:00", descriptions: [ { lang: "en", value: "The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-12-20T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "USN-3006-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3006-1", }, { name: "USN-3004-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3004-1", }, { name: "USN-3001-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3001-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1333316", }, { name: "SUSE-SU-2016:1696", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/torvalds/linux/commit/5f8e44741f9f216e33736ea4ec65ca9ac03036e6", }, { name: "90051", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/90051", }, { name: "USN-3005-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3005-1", }, { name: "SUSE-SU-2016:1985", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { name: "openSUSE-SU-2016:2184", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { name: "46006", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/46006/", }, { name: "openSUSE-SU-2016:1641", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { name: "USN-2997-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "USN-3000-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3000-1", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-3002-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3002-1", }, { name: "USN-2996-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "USN-2989-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2989-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6", }, { name: "USN-3007-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3007-1", }, { name: "SUSE-SU-2016:2074", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5", }, { name: "USN-3003-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3003-1", }, { name: "SUSE-SU-2016:2105", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { name: "USN-2998-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2998-1", }, { name: "[oss-security] 20160504 CVE Request: kernel information leak vulnerability in rtnetlink", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/05/04/27", }, { name: "SUSE-SU-2016:1937", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-4486", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "SUSE-SU-2016:1690", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "USN-3006-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3006-1", }, { name: "USN-3004-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3004-1", }, { name: "USN-3001-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3001-1", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1333316", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1333316", }, { name: "SUSE-SU-2016:1696", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { name: "https://github.com/torvalds/linux/commit/5f8e44741f9f216e33736ea4ec65ca9ac03036e6", refsource: "CONFIRM", url: "https://github.com/torvalds/linux/commit/5f8e44741f9f216e33736ea4ec65ca9ac03036e6", }, { name: "90051", refsource: "BID", url: "http://www.securityfocus.com/bid/90051", }, { name: "USN-3005-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3005-1", }, { name: "SUSE-SU-2016:1985", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { name: "openSUSE-SU-2016:2184", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { name: "46006", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/46006/", }, { name: "openSUSE-SU-2016:1641", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { name: "USN-2997-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "USN-3000-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3000-1", }, { name: "DSA-3607", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-3002-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3002-1", }, { name: "USN-2996-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "SUSE-SU-2016:1672", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "USN-2989-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2989-1", }, { name: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6", refsource: "CONFIRM", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6", }, { name: "USN-3007-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3007-1", }, { name: "SUSE-SU-2016:2074", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { name: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5", refsource: "CONFIRM", url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5", }, { name: "USN-3003-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3003-1", }, { name: "SUSE-SU-2016:2105", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { name: "USN-2998-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2998-1", }, { name: "[oss-security] 20160504 CVE Request: kernel information leak vulnerability in rtnetlink", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/05/04/27", }, { name: "SUSE-SU-2016:1937", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-4486", datePublished: "2016-05-23T10:00:00", dateReserved: "2016-05-04T00:00:00", dateUpdated: "2024-08-06T00:32:25.246Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-2185
Vulnerability from cvelistv5
Published
2016-05-02 10:00
Modified
2024-08-05 23:24
Severity ?
EPSS score ?
Summary
The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:24:48.335Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-2971-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2971-2", }, { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "84341", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/84341", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1283363", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1317014", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d", }, { name: "SUSE-SU-2016:1696", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { name: "USN-2970-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2970-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1283362", }, { name: "20160310 oss-2016-18: Multiple Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://seclists.org/bugtraq/2016/Mar/90", }, { name: "USN-2969-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2969-1", }, { name: "USN-2968-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2968-1", }, { name: "USN-2971-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2971-3", }, { name: "USN-2997-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "SUSE-SU-2016:1764", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-2971-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2971-1", }, { name: "SUSE-SU-2016:1707", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { name: "USN-2996-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "USN-2968-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2968-2", }, { name: "openSUSE-SU-2016:1382", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { name: "SUSE-SU-2016:2074", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, { name: "20160315 Re: oss-2016-18: Multiple Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://seclists.org/bugtraq/2016/Mar/116", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-10T00:00:00", descriptions: [ { lang: "en", value: "The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-29T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "USN-2971-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2971-2", }, { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "84341", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/84341", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1283363", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1317014", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d", }, { name: "SUSE-SU-2016:1696", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { name: "USN-2970-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2970-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1283362", }, { name: "20160310 oss-2016-18: Multiple Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://seclists.org/bugtraq/2016/Mar/90", }, { name: "USN-2969-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2969-1", }, { name: "USN-2968-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2968-1", }, { name: "USN-2971-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2971-3", }, { name: "USN-2997-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "SUSE-SU-2016:1764", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-2971-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2971-1", }, { name: "SUSE-SU-2016:1707", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { name: "USN-2996-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "USN-2968-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2968-2", }, { name: "openSUSE-SU-2016:1382", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { name: "SUSE-SU-2016:2074", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/torvalds/linux/commit/950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, { name: "20160315 Re: oss-2016-18: Multiple Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://seclists.org/bugtraq/2016/Mar/116", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-2185", datePublished: "2016-05-02T10:00:00", dateReserved: "2016-01-29T00:00:00", dateUpdated: "2024-08-05T23:24:48.335Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-3136
Vulnerability from cvelistv5
Published
2016-05-02 10:00
Modified
2024-08-05 23:47
Severity ?
EPSS score ?
Summary
The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:47:57.405Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-2971-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2971-2", }, { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "SUSE-SU-2016:1696", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { name: "USN-2970-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2970-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e9a0b05257f29cf4b75f3209243ed71614d062e", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1283370", }, { name: "USN-2968-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2968-1", }, { name: "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (mct_u232 driver)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/03/14/2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/4e9a0b05257f29cf4b75f3209243ed71614d062e", }, { name: "USN-2971-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2971-3", }, { name: "USN-2997-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "SUSE-SU-2016:1764", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "USN-3000-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3000-1", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "39541", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/39541/", }, { name: "USN-2971-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2971-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1317007", }, { name: "USN-2996-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "USN-2968-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2968-2", }, { name: "openSUSE-SU-2016:1382", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { name: "84299", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/84299", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-14T00:00:00", descriptions: [ { lang: "en", value: "The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-06T16:15:30", orgId: "f81092c5-7f14-476d-80dc-24857f90be84", shortName: "microfocus", }, references: [ { name: "USN-2971-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2971-2", }, { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "SUSE-SU-2016:1696", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { name: "USN-2970-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2970-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e9a0b05257f29cf4b75f3209243ed71614d062e", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1283370", }, { name: "USN-2968-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2968-1", }, { name: "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (mct_u232 driver)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/03/14/2", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/torvalds/linux/commit/4e9a0b05257f29cf4b75f3209243ed71614d062e", }, { name: "USN-2971-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2971-3", }, { name: "USN-2997-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "SUSE-SU-2016:1764", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "USN-3000-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3000-1", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "39541", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/39541/", }, { name: "USN-2971-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2971-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1317007", }, { name: "USN-2996-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "USN-2968-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2968-2", }, { name: "openSUSE-SU-2016:1382", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { name: "84299", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/84299", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@microfocus.com", ID: "CVE-2016-3136", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "USN-2971-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2971-2", }, { name: "SUSE-SU-2016:1690", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "SUSE-SU-2016:1696", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { name: "USN-2970-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2970-1", }, { name: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e9a0b05257f29cf4b75f3209243ed71614d062e", refsource: "CONFIRM", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e9a0b05257f29cf4b75f3209243ed71614d062e", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1283370", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1283370", }, { name: "USN-2968-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2968-1", }, { name: "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (mct_u232 driver)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/03/14/2", }, { name: "https://github.com/torvalds/linux/commit/4e9a0b05257f29cf4b75f3209243ed71614d062e", refsource: "CONFIRM", url: "https://github.com/torvalds/linux/commit/4e9a0b05257f29cf4b75f3209243ed71614d062e", }, { name: "USN-2971-3", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2971-3", }, { name: "USN-2997-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "SUSE-SU-2016:1764", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "USN-3000-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3000-1", }, { name: "DSA-3607", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "39541", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/39541/", }, { name: "USN-2971-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2971-1", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1317007", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1317007", }, { name: "USN-2996-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "USN-2968-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2968-2", }, { name: "openSUSE-SU-2016:1382", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { name: "84299", refsource: "BID", url: "http://www.securityfocus.com/bid/84299", }, { name: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", refsource: "CONFIRM", url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f81092c5-7f14-476d-80dc-24857f90be84", assignerShortName: "microfocus", cveId: "CVE-2016-3136", datePublished: "2016-05-02T10:00:00", dateReserved: "2016-03-13T00:00:00", dateUpdated: "2024-08-05T23:47:57.405Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-3689
Vulnerability from cvelistv5
Published
2016-05-02 10:00
Modified
2024-08-06 00:03
Severity ?
EPSS score ?
Summary
The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:03:34.415Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-2971-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2971-2", }, { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.novell.com/show_bug.cgi?id=971628", }, { name: "SUSE-SU-2016:1696", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { name: "USN-2970-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2970-1", }, { name: "1035441", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035441", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/a0ad220c96692eda76b2e3fd7279f3dcd1d8a8ff", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0ad220c96692eda76b2e3fd7279f3dcd1d8a8ff", }, { name: "USN-2968-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2968-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1320060", }, { name: "USN-2971-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2971-3", }, { name: "SUSE-SU-2016:1764", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "USN-3000-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3000-1", }, { name: "USN-2971-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2971-1", }, { name: "USN-2968-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2968-2", }, { name: "openSUSE-SU-2016:1382", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, { name: "[oss-security] 20160330 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (ims-pcu driver)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/03/30/6", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-30T00:00:00", descriptions: [ { lang: "en", value: "The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-02T09:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "USN-2971-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2971-2", }, { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.novell.com/show_bug.cgi?id=971628", }, { name: "SUSE-SU-2016:1696", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { name: "USN-2970-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2970-1", }, { name: "1035441", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035441", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/torvalds/linux/commit/a0ad220c96692eda76b2e3fd7279f3dcd1d8a8ff", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0ad220c96692eda76b2e3fd7279f3dcd1d8a8ff", }, { name: "USN-2968-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2968-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1320060", }, { name: "USN-2971-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2971-3", }, { name: "SUSE-SU-2016:1764", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "USN-3000-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3000-1", }, { name: "USN-2971-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2971-1", }, { name: "USN-2968-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2968-2", }, { name: "openSUSE-SU-2016:1382", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, { name: "[oss-security] 20160330 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (ims-pcu driver)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/03/30/6", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-3689", datePublished: "2016-05-02T10:00:00", dateReserved: "2016-03-30T00:00:00", dateUpdated: "2024-08-06T00:03:34.415Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-4805
Vulnerability from cvelistv5
Published
2016-05-23 10:00
Modified
2024-08-06 00:39
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:39:26.273Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { name: "SUSE-SU-2016:1985", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { name: "openSUSE-SU-2016:2184", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { name: "USN-3021-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3021-2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/1f461dcdd296eecedaffffc6bae2bfa90bd7eb89", }, { name: "openSUSE-SU-2016:1641", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "1036763", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036763", }, { name: "[oss-security] 20160515 Re: CVE Requests: Linux: use-after-free issue for ppp channel", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/05/15/2", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "USN-3021-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3021-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1335803", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { name: "SUSE-SU-2016:2105", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { name: "90605", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/90605", }, { name: "SUSE-SU-2016:1937", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-04-20T00:00:00", descriptions: [ { lang: "en", value: "Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-12T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { name: "SUSE-SU-2016:1985", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { name: "openSUSE-SU-2016:2184", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { name: "USN-3021-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3021-2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/torvalds/linux/commit/1f461dcdd296eecedaffffc6bae2bfa90bd7eb89", }, { name: "openSUSE-SU-2016:1641", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "1036763", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036763", }, { name: "[oss-security] 20160515 Re: CVE Requests: Linux: use-after-free issue for ppp channel", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/05/15/2", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "USN-3021-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3021-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1335803", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { name: "SUSE-SU-2016:2105", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { name: "90605", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/90605", }, { name: "SUSE-SU-2016:1937", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-4805", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "SUSE-SU-2016:1690", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { name: "SUSE-SU-2016:1985", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { name: "openSUSE-SU-2016:2184", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { name: "USN-3021-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3021-2", }, { name: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89", refsource: "CONFIRM", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89", }, { name: "https://github.com/torvalds/linux/commit/1f461dcdd296eecedaffffc6bae2bfa90bd7eb89", refsource: "CONFIRM", url: "https://github.com/torvalds/linux/commit/1f461dcdd296eecedaffffc6bae2bfa90bd7eb89", }, { name: "openSUSE-SU-2016:1641", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { name: "DSA-3607", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "1036763", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036763", }, { name: "[oss-security] 20160515 Re: CVE Requests: Linux: use-after-free issue for ppp channel", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/05/15/2", }, { name: "SUSE-SU-2016:1672", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "USN-3021-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3021-1", }, { name: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2", refsource: "CONFIRM", url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1335803", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1335803", }, { name: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { name: "SUSE-SU-2016:2105", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { name: "90605", refsource: "BID", url: "http://www.securityfocus.com/bid/90605", }, { name: "SUSE-SU-2016:1937", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-4805", datePublished: "2016-05-23T10:00:00", dateReserved: "2016-05-15T00:00:00", dateUpdated: "2024-08-06T00:39:26.273Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-1583
Vulnerability from cvelistv5
Published
2016-06-27 10:00
Modified
2024-08-05 23:02
Severity ?
EPSS score ?
Summary
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:02:11.789Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-3006-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3006-1", }, { name: "USN-3004-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3004-1", }, { name: "SUSE-SU-2016:2010", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d", }, { name: "RHSA-2016:2766", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2766.html", }, { name: "USN-3001-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3001-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3", }, { name: "SUSE-SU-2016:1696", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d", }, { name: "SUSE-SU-2016:1994", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html", }, { name: "39992", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/39992/", }, { name: "SUSE-SU-2016:1961", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html", }, { name: "USN-3005-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3005-1", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=836", }, { name: "SUSE-SU-2016:1985", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { name: "91157", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/91157", }, { name: "openSUSE-SU-2016:2184", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { name: "USN-2999-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2999-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87", }, { name: "SUSE-SU-2016:2006", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html", }, { name: "[oss-security] 20160610 [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/06/10/8", }, { name: "SUSE-SU-2016:2014", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html", }, { name: "openSUSE-SU-2016:1641", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { name: "USN-2997-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "USN-3000-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3000-1", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "1036763", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036763", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87", }, { name: "USN-3002-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3002-1", }, { name: "USN-2996-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "SUSE-SU-2016:2009", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html", }, { name: "SUSE-SU-2016:1596", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00027.html", }, { name: "RHSA-2017:2760", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2760", }, { name: "SUSE-SU-2016:2005", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html", }, { name: "SUSE-SU-2016:2007", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html", }, { name: "USN-3007-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3007-1", }, { name: "SUSE-SU-2016:2000", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html", }, { name: "RHSA-2016:2124", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2124.html", }, { name: "USN-3003-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3003-1", }, { name: "SUSE-SU-2016:1995", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html", }, { name: "SUSE-SU-2016:2105", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { name: "[oss-security] 20160622 Re: [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/06/22/1", }, { name: "SUSE-SU-2016:2002", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1344721", }, { name: "USN-2998-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2998-1", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html", }, { name: "USN-3008-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3008-1", }, { name: "SUSE-SU-2016:1937", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-06-10T00:00:00", descriptions: [ { lang: "en", value: "The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-12-06T21:57:01", orgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", shortName: "canonical", }, references: [ { name: "USN-3006-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3006-1", }, { name: "USN-3004-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3004-1", }, { name: "SUSE-SU-2016:2010", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d", }, { name: "RHSA-2016:2766", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2766.html", }, { name: "USN-3001-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3001-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3", }, { name: "SUSE-SU-2016:1696", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d", }, { name: "SUSE-SU-2016:1994", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html", }, { name: "39992", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/39992/", }, { name: "SUSE-SU-2016:1961", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html", }, { name: "USN-3005-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3005-1", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=836", }, { name: "SUSE-SU-2016:1985", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { name: "91157", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/91157", }, { name: "openSUSE-SU-2016:2184", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { name: "USN-2999-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2999-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87", }, { name: "SUSE-SU-2016:2006", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html", }, { name: "[oss-security] 20160610 [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/06/10/8", }, { name: "SUSE-SU-2016:2014", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html", }, { name: "openSUSE-SU-2016:1641", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { name: "USN-2997-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "USN-3000-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3000-1", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "1036763", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036763", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87", }, { name: "USN-3002-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3002-1", }, { name: "USN-2996-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "SUSE-SU-2016:2009", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html", }, { name: "SUSE-SU-2016:1596", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00027.html", }, { name: "RHSA-2017:2760", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2760", }, { name: "SUSE-SU-2016:2005", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html", }, { name: "SUSE-SU-2016:2007", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html", }, { name: "USN-3007-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3007-1", }, { name: "SUSE-SU-2016:2000", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html", }, { name: "RHSA-2016:2124", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2124.html", }, { name: "USN-3003-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3003-1", }, { name: "SUSE-SU-2016:1995", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html", }, { name: "SUSE-SU-2016:2105", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { name: "[oss-security] 20160622 Re: [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/06/22/1", }, { name: "SUSE-SU-2016:2002", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1344721", }, { name: "USN-2998-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2998-1", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html", }, { name: "USN-3008-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3008-1", }, { name: "SUSE-SU-2016:1937", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@ubuntu.com", ID: "CVE-2016-1583", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "USN-3006-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3006-1", }, { name: "USN-3004-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3004-1", }, { name: "SUSE-SU-2016:2010", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html", }, { name: "https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d", refsource: "CONFIRM", url: "https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d", }, { name: "RHSA-2016:2766", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-2766.html", }, { name: "USN-3001-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3001-1", }, { name: "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3", refsource: "CONFIRM", url: "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3", }, { name: "SUSE-SU-2016:1696", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { name: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d", refsource: "CONFIRM", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d", }, { name: "SUSE-SU-2016:1994", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html", }, { name: "39992", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/39992/", }, { name: "SUSE-SU-2016:1961", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html", }, { name: "USN-3005-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3005-1", }, { name: "https://bugs.chromium.org/p/project-zero/issues/detail?id=836", refsource: "MISC", url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=836", }, { name: "SUSE-SU-2016:1985", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { name: "91157", refsource: "BID", url: "http://www.securityfocus.com/bid/91157", }, { name: "openSUSE-SU-2016:2184", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { name: "USN-2999-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2999-1", }, { name: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87", refsource: "CONFIRM", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87", }, { name: "SUSE-SU-2016:2006", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html", }, { name: "[oss-security] 20160610 [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/06/10/8", }, { name: "SUSE-SU-2016:2014", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html", }, { name: "openSUSE-SU-2016:1641", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { name: "USN-2997-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "USN-3000-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3000-1", }, { name: "https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b", }, { name: "DSA-3607", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "1036763", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036763", }, { name: "https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87", refsource: "CONFIRM", url: "https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87", }, { name: "USN-3002-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3002-1", }, { name: "USN-2996-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "SUSE-SU-2016:1672", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "SUSE-SU-2016:2009", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html", }, { name: "SUSE-SU-2016:1596", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00027.html", }, { name: "RHSA-2017:2760", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2760", }, { name: "SUSE-SU-2016:2005", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html", }, { name: "SUSE-SU-2016:2007", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html", }, { name: "USN-3007-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3007-1", }, { name: "SUSE-SU-2016:2000", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html", }, { name: "RHSA-2016:2124", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-2124.html", }, { name: "USN-3003-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3003-1", }, { name: "SUSE-SU-2016:1995", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html", }, { name: "SUSE-SU-2016:2105", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { name: "[oss-security] 20160622 Re: [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/06/22/1", }, { name: "SUSE-SU-2016:2002", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1344721", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1344721", }, { name: "USN-2998-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2998-1", }, { name: "http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html", }, { name: "USN-3008-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3008-1", }, { name: "SUSE-SU-2016:1937", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", assignerShortName: "canonical", cveId: "CVE-2016-1583", datePublished: "2016-06-27T10:00:00", dateReserved: "2016-01-12T00:00:00", dateUpdated: "2024-08-05T23:02:11.789Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-3672
Vulnerability from cvelistv5
Published
2016-04-27 17:00
Modified
2024-08-06 00:03
Severity ?
EPSS score ?
Summary
The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:03:34.467Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "USN-3004-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3004-1", }, { name: "USN-3001-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3001-1", }, { name: "20160406 CVE-2016-3672 - Unlimiting the stack not longer disables ASLR", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/537996/100/0/threaded", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html", }, { name: "20160406 CVE-2016-3672 - Unlimiting the stack not longer disables ASLR", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2016/Apr/26", }, { name: "openSUSE-SU-2016:2184", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b8addf891de8a00e4d39fc32f93f7c5eb8feceb", }, { name: "85884", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/85884", }, { name: "RHSA-2018:1062", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1062", }, { name: "openSUSE-SU-2016:1641", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { name: "USN-2997-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "USN-3000-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3000-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/8b8addf891de8a00e4d39fc32f93f7c5eb8feceb", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-dis", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-3002-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3002-1", }, { name: "USN-2996-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "FEDORA-2016-76706f51a7", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182524.html", }, { name: "RHSA-2018:0676", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0676", }, { name: "39669", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/39669/", }, { name: "USN-2989-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2989-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1324749", }, { name: "1035506", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035506", }, { name: "USN-3003-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3003-1", }, { name: "SUSE-SU-2016:2105", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { name: "USN-2998-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2998-1", }, { name: "SUSE-SU-2016:1937", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-04-27T00:00:00", descriptions: [ { lang: "en", value: "The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-09T18:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "USN-3004-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3004-1", }, { name: "USN-3001-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3001-1", }, { name: "20160406 CVE-2016-3672 - Unlimiting the stack not longer disables ASLR", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/537996/100/0/threaded", }, { tags: [ "x_refsource_MISC", ], url: "http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html", }, { name: "20160406 CVE-2016-3672 - Unlimiting the stack not longer disables ASLR", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2016/Apr/26", }, { name: "openSUSE-SU-2016:2184", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b8addf891de8a00e4d39fc32f93f7c5eb8feceb", }, { name: "85884", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/85884", }, { name: "RHSA-2018:1062", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1062", }, { name: "openSUSE-SU-2016:1641", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { name: "USN-2997-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "USN-3000-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3000-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/torvalds/linux/commit/8b8addf891de8a00e4d39fc32f93f7c5eb8feceb", }, { tags: [ "x_refsource_MISC", ], url: "http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-dis", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-3002-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3002-1", }, { name: "USN-2996-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "FEDORA-2016-76706f51a7", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182524.html", }, { name: "RHSA-2018:0676", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0676", }, { name: "39669", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/39669/", }, { name: "USN-2989-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2989-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1324749", }, { name: "1035506", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035506", }, { name: "USN-3003-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3003-1", }, { name: "SUSE-SU-2016:2105", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { name: "USN-2998-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2998-1", }, { name: "SUSE-SU-2016:1937", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-3672", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "SUSE-SU-2016:1690", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "USN-3004-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3004-1", }, { name: "USN-3001-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3001-1", }, { name: "20160406 CVE-2016-3672 - Unlimiting the stack not longer disables ASLR", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/537996/100/0/threaded", }, { name: "http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html", refsource: "MISC", url: "http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html", }, { name: "20160406 CVE-2016-3672 - Unlimiting the stack not longer disables ASLR", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2016/Apr/26", }, { name: "openSUSE-SU-2016:2184", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { name: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b8addf891de8a00e4d39fc32f93f7c5eb8feceb", refsource: "CONFIRM", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b8addf891de8a00e4d39fc32f93f7c5eb8feceb", }, { name: "85884", refsource: "BID", url: "http://www.securityfocus.com/bid/85884", }, { name: "RHSA-2018:1062", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1062", }, { name: "openSUSE-SU-2016:1641", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { name: "USN-2997-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "USN-3000-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3000-1", }, { name: "https://github.com/torvalds/linux/commit/8b8addf891de8a00e4d39fc32f93f7c5eb8feceb", refsource: "CONFIRM", url: "https://github.com/torvalds/linux/commit/8b8addf891de8a00e4d39fc32f93f7c5eb8feceb", }, { name: "http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-dis", refsource: "MISC", url: "http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-dis", }, { name: "DSA-3607", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-3002-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3002-1", }, { name: "USN-2996-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "FEDORA-2016-76706f51a7", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182524.html", }, { name: "RHSA-2018:0676", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0676", }, { name: "39669", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/39669/", }, { name: "USN-2989-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2989-1", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1324749", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1324749", }, { name: "1035506", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035506", }, { name: "USN-3003-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3003-1", }, { name: "SUSE-SU-2016:2105", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { name: "USN-2998-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2998-1", }, { name: "SUSE-SU-2016:1937", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-3672", datePublished: "2016-04-27T17:00:00", dateReserved: "2016-03-25T00:00:00", dateUpdated: "2024-08-06T00:03:34.467Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-2186
Vulnerability from cvelistv5
Published
2016-05-02 10:00
Modified
2024-08-05 23:24
Severity ?
EPSS score ?
Summary
The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:24:48.391Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-2971-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2971-2", }, { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9c6ba456711687b794dcf285856fc14e2c76074f", }, { name: "84337", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/84337", }, { name: "SUSE-SU-2016:1696", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { name: "USN-2970-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2970-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1317015", }, { name: "USN-2969-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2969-1", }, { name: "USN-2968-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2968-1", }, { name: "USN-2971-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2971-3", }, { name: "USN-2997-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "SUSE-SU-2016:1764", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "20160315 Re: oss-2016-13: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://seclists.org/bugtraq/2016/Mar/117", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-2971-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2971-1", }, { name: "SUSE-SU-2016:1707", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { name: "USN-2996-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "USN-2968-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2968-2", }, { name: "openSUSE-SU-2016:1382", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { name: "SUSE-SU-2016:2074", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { name: "20160310 oss-2016-13: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://seclists.org/bugtraq/2016/Mar/85", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/9c6ba456711687b794dcf285856fc14e2c76074f", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-10T00:00:00", descriptions: [ { lang: "en", value: "The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-29T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "USN-2971-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2971-2", }, { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9c6ba456711687b794dcf285856fc14e2c76074f", }, { name: "84337", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/84337", }, { name: "SUSE-SU-2016:1696", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { name: "USN-2970-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2970-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1317015", }, { name: "USN-2969-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2969-1", }, { name: "USN-2968-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2968-1", }, { name: "USN-2971-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2971-3", }, { name: "USN-2997-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "SUSE-SU-2016:1764", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "20160315 Re: oss-2016-13: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://seclists.org/bugtraq/2016/Mar/117", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-2971-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2971-1", }, { name: "SUSE-SU-2016:1707", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { name: "USN-2996-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "USN-2968-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2968-2", }, { name: "openSUSE-SU-2016:1382", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { name: "SUSE-SU-2016:2074", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { name: "20160310 oss-2016-13: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://seclists.org/bugtraq/2016/Mar/85", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/torvalds/linux/commit/9c6ba456711687b794dcf285856fc14e2c76074f", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-2186", datePublished: "2016-05-02T10:00:00", dateReserved: "2016-01-29T00:00:00", dateUpdated: "2024-08-05T23:24:48.391Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-4482
Vulnerability from cvelistv5
Published
2016-05-23 10:00
Modified
2024-08-06 00:32
Severity ?
EPSS score ?
Summary
The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:32:25.667Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "90029", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/90029", }, { name: "SUSE-SU-2016:1696", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1332931", }, { name: "USN-3017-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3017-1", }, { name: "SUSE-SU-2016:1985", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { name: "USN-3017-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3017-3", }, { name: "openSUSE-SU-2016:2184", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { name: "USN-3018-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3018-2", }, { name: "USN-3021-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3021-2", }, { name: "USN-3017-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3017-2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee", }, { name: "USN-3019-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3019-1", }, { name: "openSUSE-SU-2016:1641", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-3016-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3016-2", }, { name: "USN-3016-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3016-1", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "USN-3021-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3021-1", }, { name: "USN-3018-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3018-1", }, { name: "[oss-security] 20160503 CVE Request: information leak in devio of Linux kernel", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/05/04/2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee", }, { name: "FEDORA-2016-4ce97823af", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184414.html", }, { name: "SUSE-SU-2016:2105", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { name: "USN-3016-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3016-3", }, { name: "USN-3016-4", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3016-4", }, { name: "USN-3020-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3020-1", }, { name: "SUSE-SU-2016:1937", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-05-03T00:00:00", descriptions: [ { lang: "en", value: "The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-25T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "90029", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/90029", }, { name: "SUSE-SU-2016:1696", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1332931", }, { name: "USN-3017-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3017-1", }, { name: "SUSE-SU-2016:1985", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { name: "USN-3017-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3017-3", }, { name: "openSUSE-SU-2016:2184", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { name: "USN-3018-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3018-2", }, { name: "USN-3021-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3021-2", }, { name: "USN-3017-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3017-2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee", }, { name: "USN-3019-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3019-1", }, { name: "openSUSE-SU-2016:1641", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-3016-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3016-2", }, { name: "USN-3016-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3016-1", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "USN-3021-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3021-1", }, { name: "USN-3018-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3018-1", }, { name: "[oss-security] 20160503 CVE Request: information leak in devio of Linux kernel", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/05/04/2", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee", }, { name: "FEDORA-2016-4ce97823af", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184414.html", }, { name: "SUSE-SU-2016:2105", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { name: "USN-3016-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3016-3", }, { name: "USN-3016-4", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3016-4", }, { name: "USN-3020-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3020-1", }, { name: "SUSE-SU-2016:1937", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-4482", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "SUSE-SU-2016:1690", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "90029", refsource: "BID", url: "http://www.securityfocus.com/bid/90029", }, { name: "SUSE-SU-2016:1696", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1332931", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1332931", }, { name: "USN-3017-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3017-1", }, { name: "SUSE-SU-2016:1985", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { name: "USN-3017-3", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3017-3", }, { name: "openSUSE-SU-2016:2184", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { name: "USN-3018-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3018-2", }, { name: "USN-3021-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3021-2", }, { name: "USN-3017-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3017-2", }, { name: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee", refsource: "CONFIRM", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee", }, { name: "USN-3019-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3019-1", }, { name: "openSUSE-SU-2016:1641", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { name: "DSA-3607", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-3016-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3016-2", }, { name: "USN-3016-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3016-1", }, { name: "SUSE-SU-2016:1672", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "USN-3021-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3021-1", }, { name: "USN-3018-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3018-1", }, { name: "[oss-security] 20160503 CVE Request: information leak in devio of Linux kernel", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/05/04/2", }, { name: "https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee", refsource: "CONFIRM", url: "https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee", }, { name: "FEDORA-2016-4ce97823af", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184414.html", }, { name: "SUSE-SU-2016:2105", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { name: "USN-3016-3", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3016-3", }, { name: "USN-3016-4", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3016-4", }, { name: "USN-3020-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3020-1", }, { name: "SUSE-SU-2016:1937", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-4482", datePublished: "2016-05-23T10:00:00", dateReserved: "2016-05-04T00:00:00", dateUpdated: "2024-08-06T00:32:25.667Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-2184
Vulnerability from cvelistv5
Published
2016-04-27 17:00
Modified
2024-08-05 23:17
Severity ?
EPSS score ?
Summary
The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:17:50.605Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-2971-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2971-2", }, { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "20160310 oss-2016-17: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://seclists.org/bugtraq/2016/Mar/89", }, { name: "84340", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/84340", }, { name: "USN-2970-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2970-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1317012", }, { name: "USN-2969-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2969-1", }, { name: "USN-2968-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2968-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f886ca12765d20124bd06291c82951fd49a33be", }, { name: "USN-2971-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2971-3", }, { name: "USN-2997-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "SUSE-SU-2016:1764", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-2971-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2971-1", }, { name: "SUSE-SU-2016:1707", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { name: "USN-2996-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "SUSE-SU-2016:1019", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, { name: "USN-2968-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2968-2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/0f886ca12765d20124bd06291c82951fd49a33be", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://source.android.com/security/bulletin/2016-11-01.html", }, { name: "SUSE-SU-2016:2074", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { name: "20160310 oss-2016-16: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (snd-usb-audio driver)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://seclists.org/bugtraq/2016/Mar/88", }, { name: "20160314 Re: oss-2016-17: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://seclists.org/bugtraq/2016/Mar/102", }, { name: "openSUSE-SU-2016:1008", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html", }, { name: "39555", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/39555/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-04-27T00:00:00", descriptions: [ { lang: "en", value: "The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-07T09:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "USN-2971-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2971-2", }, { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "20160310 oss-2016-17: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://seclists.org/bugtraq/2016/Mar/89", }, { name: "84340", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/84340", }, { name: "USN-2970-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2970-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1317012", }, { name: "USN-2969-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2969-1", }, { name: "USN-2968-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2968-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f886ca12765d20124bd06291c82951fd49a33be", }, { name: "USN-2971-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2971-3", }, { name: "USN-2997-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "SUSE-SU-2016:1764", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-2971-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2971-1", }, { name: "SUSE-SU-2016:1707", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { name: "USN-2996-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "SUSE-SU-2016:1019", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, { name: "USN-2968-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2968-2", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/torvalds/linux/commit/0f886ca12765d20124bd06291c82951fd49a33be", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://source.android.com/security/bulletin/2016-11-01.html", }, { name: "SUSE-SU-2016:2074", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { name: "20160310 oss-2016-16: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (snd-usb-audio driver)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://seclists.org/bugtraq/2016/Mar/88", }, { name: "20160314 Re: oss-2016-17: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://seclists.org/bugtraq/2016/Mar/102", }, { name: "openSUSE-SU-2016:1008", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html", }, { name: "39555", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/39555/", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-2184", datePublished: "2016-04-27T17:00:00", dateReserved: "2016-01-29T00:00:00", dateUpdated: "2024-08-05T23:17:50.605Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-8816
Vulnerability from cvelistv5
Published
2016-04-27 17:00
Modified
2024-08-06 08:29
Severity ?
EPSS score ?
Summary
The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T08:29:22.034Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "SUSE-SU-2016:2010", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/e50293ef9775c5f1cf3fcc093037dd6a8c5684ea", }, { name: "SUSE-SU-2016:1994", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { name: "SUSE-SU-2016:1961", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html", }, { name: "SUSE-SU-2016:2001", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html", }, { name: "DSA-3503", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3503", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5", }, { name: "SUSE-SU-2016:2006", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html", }, { name: "SUSE-SU-2016:2014", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html", }, { name: "83363", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/83363", }, { name: "SUSE-SU-2016:1764", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311589", }, { name: "SUSE-SU-2016:1707", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "SUSE-SU-2016:1019", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://source.android.com/security/bulletin/2016-07-01.html", }, { name: "SUSE-SU-2016:2009", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html", }, { name: "[oss-security] 20160223 CVE Request: Linux kernel USB hub invalid memory access in hub_activate()", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/02/23/5", }, { name: "SUSE-SU-2016:2005", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html", }, { name: "SUSE-SU-2016:2007", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html", }, { name: "SUSE-SU-2016:2074", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { name: "SUSE-SU-2016:1995", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html", }, { name: "SUSE-SU-2016:2002", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5f1cf3fcc093037dd6a8c5684ea", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-01-31T00:00:00", descriptions: [ { lang: "en", value: "The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-30T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "SUSE-SU-2016:2010", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/torvalds/linux/commit/e50293ef9775c5f1cf3fcc093037dd6a8c5684ea", }, { name: "SUSE-SU-2016:1994", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { name: "SUSE-SU-2016:1961", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html", }, { name: "SUSE-SU-2016:2001", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html", }, { name: "DSA-3503", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3503", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5", }, { name: "SUSE-SU-2016:2006", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html", }, { name: "SUSE-SU-2016:2014", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html", }, { name: "83363", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/83363", }, { name: "SUSE-SU-2016:1764", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311589", }, { name: "SUSE-SU-2016:1707", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "SUSE-SU-2016:1019", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://source.android.com/security/bulletin/2016-07-01.html", }, { name: "SUSE-SU-2016:2009", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html", }, { name: "[oss-security] 20160223 CVE Request: Linux kernel USB hub invalid memory access in hub_activate()", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/02/23/5", }, { name: "SUSE-SU-2016:2005", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html", }, { name: "SUSE-SU-2016:2007", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html", }, { name: "SUSE-SU-2016:2074", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { name: "SUSE-SU-2016:1995", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html", }, { name: "SUSE-SU-2016:2002", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5f1cf3fcc093037dd6a8c5684ea", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-8816", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "SUSE-SU-2016:1690", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "SUSE-SU-2016:2010", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html", }, { name: "https://github.com/torvalds/linux/commit/e50293ef9775c5f1cf3fcc093037dd6a8c5684ea", refsource: "CONFIRM", url: "https://github.com/torvalds/linux/commit/e50293ef9775c5f1cf3fcc093037dd6a8c5684ea", }, { name: "SUSE-SU-2016:1994", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html", }, { name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { name: "SUSE-SU-2016:1961", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html", }, { name: "SUSE-SU-2016:2001", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html", }, { name: "DSA-3503", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3503", }, { name: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5", refsource: "CONFIRM", url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5", }, { name: "SUSE-SU-2016:2006", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html", }, { name: "SUSE-SU-2016:2014", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html", }, { name: "83363", refsource: "BID", url: "http://www.securityfocus.com/bid/83363", }, { name: "SUSE-SU-2016:1764", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1311589", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311589", }, { name: "SUSE-SU-2016:1707", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { name: "SUSE-SU-2016:1672", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "SUSE-SU-2016:1019", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html", }, { name: "http://source.android.com/security/bulletin/2016-07-01.html", refsource: "CONFIRM", url: "http://source.android.com/security/bulletin/2016-07-01.html", }, { name: "SUSE-SU-2016:2009", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html", }, { name: "[oss-security] 20160223 CVE Request: Linux kernel USB hub invalid memory access in hub_activate()", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/02/23/5", }, { name: "SUSE-SU-2016:2005", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html", }, { name: "SUSE-SU-2016:2007", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html", }, { name: "SUSE-SU-2016:2074", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { name: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { name: "SUSE-SU-2016:1995", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html", }, { name: "SUSE-SU-2016:2002", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html", }, { name: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5f1cf3fcc093037dd6a8c5684ea", refsource: "CONFIRM", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5f1cf3fcc093037dd6a8c5684ea", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-8816", datePublished: "2016-04-27T17:00:00", dateReserved: "2016-02-23T00:00:00", dateUpdated: "2024-08-06T08:29:22.034Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-4569
Vulnerability from cvelistv5
Published
2016-05-23 10:00
Modified
2024-08-06 00:32
Severity ?
EPSS score ?
Summary
The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:32:26.040Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "SUSE-SU-2016:1696", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { name: "USN-3017-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3017-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e", }, { name: "SUSE-SU-2016:1985", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { name: "[oss-security] 20160509 Re: CVE Request: kernel information leak vulnerability in Linux sound module", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/05/09/17", }, { name: "USN-3017-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3017-3", }, { name: "openSUSE-SU-2016:2184", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { name: "USN-3018-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3018-2", }, { name: "USN-3021-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3021-2", }, { name: "USN-3017-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3017-2", }, { name: "RHSA-2016:2584", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2584.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1334643", }, { name: "RHSA-2016:2574", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2574.html", }, { name: "USN-3019-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3019-1", }, { name: "openSUSE-SU-2016:1641", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/cec8f96e49d9be372fdb0c3836dcf31ec71e457e", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-3016-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3016-2", }, { name: "USN-3016-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3016-1", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "USN-3021-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3021-1", }, { name: "USN-3018-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3018-1", }, { name: "90347", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/90347", }, { name: "SUSE-SU-2016:2105", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { name: "USN-3016-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3016-3", }, { name: "USN-3016-4", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3016-4", }, { name: "USN-3020-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3020-1", }, { name: "SUSE-SU-2016:1937", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-05-09T00:00:00", descriptions: [ { lang: "en", value: "The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "SUSE-SU-2016:1696", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { name: "USN-3017-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3017-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e", }, { name: "SUSE-SU-2016:1985", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { name: "[oss-security] 20160509 Re: CVE Request: kernel information leak vulnerability in Linux sound module", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/05/09/17", }, { name: "USN-3017-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3017-3", }, { name: "openSUSE-SU-2016:2184", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { name: "USN-3018-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3018-2", }, { name: "USN-3021-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3021-2", }, { name: "USN-3017-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3017-2", }, { name: "RHSA-2016:2584", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2584.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1334643", }, { name: "RHSA-2016:2574", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2574.html", }, { name: "USN-3019-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3019-1", }, { name: "openSUSE-SU-2016:1641", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/torvalds/linux/commit/cec8f96e49d9be372fdb0c3836dcf31ec71e457e", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-3016-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3016-2", }, { name: "USN-3016-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3016-1", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "USN-3021-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3021-1", }, { name: "USN-3018-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3018-1", }, { name: "90347", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/90347", }, { name: "SUSE-SU-2016:2105", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { name: "USN-3016-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3016-3", }, { name: "USN-3016-4", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3016-4", }, { name: "USN-3020-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3020-1", }, { name: "SUSE-SU-2016:1937", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-4569", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "SUSE-SU-2016:1690", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "SUSE-SU-2016:1696", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { name: "USN-3017-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3017-1", }, { name: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e", refsource: "CONFIRM", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e", }, { name: "SUSE-SU-2016:1985", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { name: "[oss-security] 20160509 Re: CVE Request: kernel information leak vulnerability in Linux sound module", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/05/09/17", }, { name: "USN-3017-3", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3017-3", }, { name: "openSUSE-SU-2016:2184", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { name: "USN-3018-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3018-2", }, { name: "USN-3021-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3021-2", }, { name: "USN-3017-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3017-2", }, { name: "RHSA-2016:2584", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-2584.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1334643", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1334643", }, { name: "RHSA-2016:2574", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-2574.html", }, { name: "USN-3019-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3019-1", }, { name: "openSUSE-SU-2016:1641", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { name: "https://github.com/torvalds/linux/commit/cec8f96e49d9be372fdb0c3836dcf31ec71e457e", refsource: "CONFIRM", url: "https://github.com/torvalds/linux/commit/cec8f96e49d9be372fdb0c3836dcf31ec71e457e", }, { name: "DSA-3607", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-3016-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3016-2", }, { name: "USN-3016-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3016-1", }, { name: "SUSE-SU-2016:1672", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "USN-3021-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3021-1", }, { name: "USN-3018-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3018-1", }, { name: "90347", refsource: "BID", url: "http://www.securityfocus.com/bid/90347", }, { name: "SUSE-SU-2016:2105", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { name: "USN-3016-3", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3016-3", }, { name: "USN-3016-4", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3016-4", }, { name: "USN-3020-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3020-1", }, { name: "SUSE-SU-2016:1937", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-4569", datePublished: "2016-05-23T10:00:00", dateReserved: "2016-05-09T00:00:00", dateUpdated: "2024-08-06T00:32:26.040Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-2188
Vulnerability from cvelistv5
Published
2016-05-02 10:00
Modified
2024-08-05 23:24
Severity ?
EPSS score ?
Summary
The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:24:48.299Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-2971-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2971-2", }, { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "39556", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/39556/", }, { name: "20160310 oss-2016-15: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://seclists.org/bugtraq/2016/Mar/87", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/4ec0ef3a82125efc36173062a50624550a900ae0", }, { name: "SUSE-SU-2016:1696", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { name: "USN-2970-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2970-1", }, { name: "USN-2969-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2969-1", }, { name: "USN-2968-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2968-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1317018", }, { name: "USN-2971-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2971-3", }, { name: "USN-2997-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "SUSE-SU-2016:1764", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "USN-2971-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2971-1", }, { name: "SUSE-SU-2016:1707", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { name: "USN-2996-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "USN-2968-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2968-2", }, { name: "openSUSE-SU-2016:1382", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { name: "SUSE-SU-2016:2074", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ec0ef3a82125efc36173062a50624550a900ae0", }, { name: "20160315 Re: oss-2016-15: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://seclists.org/bugtraq/2016/Mar/118", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-10T00:00:00", descriptions: [ { lang: "en", value: "The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-07T09:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "USN-2971-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2971-2", }, { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "39556", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/39556/", }, { name: "20160310 oss-2016-15: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://seclists.org/bugtraq/2016/Mar/87", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/torvalds/linux/commit/4ec0ef3a82125efc36173062a50624550a900ae0", }, { name: "SUSE-SU-2016:1696", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { name: "USN-2970-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2970-1", }, { name: "USN-2969-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2969-1", }, { name: "USN-2968-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2968-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1317018", }, { name: "USN-2971-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2971-3", }, { name: "USN-2997-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "SUSE-SU-2016:1764", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "USN-2971-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2971-1", }, { name: "SUSE-SU-2016:1707", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { name: "USN-2996-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "USN-2968-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2968-2", }, { name: "openSUSE-SU-2016:1382", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { name: "SUSE-SU-2016:2074", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ec0ef3a82125efc36173062a50624550a900ae0", }, { name: "20160315 Re: oss-2016-15: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://seclists.org/bugtraq/2016/Mar/118", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-2188", datePublished: "2016-05-02T10:00:00", dateReserved: "2016-01-29T00:00:00", dateUpdated: "2024-08-05T23:24:48.299Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-3156
Vulnerability from cvelistv5
Published
2016-04-27 17:00
Modified
2024-08-05 23:47
Severity ?
EPSS score ?
Summary
The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:47:57.548Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-2971-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2971-2", }, { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1318172", }, { name: "USN-2970-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2970-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbd40ea0180a2d328c5adc61414dc8bab9335ce2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { name: "USN-2969-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2969-1", }, { name: "USN-2968-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2968-1", }, { name: "RHSA-2016:2584", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2584.html", }, { name: "RHSA-2016:2574", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2574.html", }, { name: "USN-2971-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2971-3", }, { name: "USN-2997-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "SUSE-SU-2016:1764", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-2971-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2971-1", }, { name: "SUSE-SU-2016:1707", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { name: "USN-2996-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "SUSE-SU-2016:1019", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html", }, { name: "USN-2968-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2968-2", }, { name: "openSUSE-SU-2016:1382", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { name: "SUSE-SU-2016:2074", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { name: "84428", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/84428", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { name: "[oss-security] 20160315 CVE request: ipv4: Don't do expensive useless work during inetdev destroy", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/03/15/3", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/fbd40ea0180a2d328c5adc61414dc8bab9335ce2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-15T00:00:00", descriptions: [ { lang: "en", value: "The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "USN-2971-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2971-2", }, { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1318172", }, { name: "USN-2970-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2970-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbd40ea0180a2d328c5adc61414dc8bab9335ce2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { name: "USN-2969-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2969-1", }, { name: "USN-2968-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2968-1", }, { name: "RHSA-2016:2584", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2584.html", }, { name: "RHSA-2016:2574", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2574.html", }, { name: "USN-2971-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2971-3", }, { name: "USN-2997-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "SUSE-SU-2016:1764", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-2971-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2971-1", }, { name: "SUSE-SU-2016:1707", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { name: "USN-2996-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "SUSE-SU-2016:1019", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html", }, { name: "USN-2968-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2968-2", }, { name: "openSUSE-SU-2016:1382", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { name: "SUSE-SU-2016:2074", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { name: "84428", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/84428", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { name: "[oss-security] 20160315 CVE request: ipv4: Don't do expensive useless work during inetdev destroy", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/03/15/3", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/torvalds/linux/commit/fbd40ea0180a2d328c5adc61414dc8bab9335ce2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-3156", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "USN-2971-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2971-2", }, { name: "SUSE-SU-2016:1690", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1318172", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1318172", }, { name: "USN-2970-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2970-1", }, { name: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbd40ea0180a2d328c5adc61414dc8bab9335ce2", refsource: "CONFIRM", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbd40ea0180a2d328c5adc61414dc8bab9335ce2", }, { name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { name: "USN-2969-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2969-1", }, { name: "USN-2968-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2968-1", }, { name: "RHSA-2016:2584", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-2584.html", }, { name: "RHSA-2016:2574", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-2574.html", }, { name: "USN-2971-3", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2971-3", }, { name: "USN-2997-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "SUSE-SU-2016:1764", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "DSA-3607", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-2971-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2971-1", }, { name: "SUSE-SU-2016:1707", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { name: "USN-2996-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "SUSE-SU-2016:1672", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "SUSE-SU-2016:1019", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html", }, { name: "USN-2968-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2968-2", }, { name: "openSUSE-SU-2016:1382", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { name: "SUSE-SU-2016:2074", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { name: "84428", refsource: "BID", url: "http://www.securityfocus.com/bid/84428", }, { name: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { name: "[oss-security] 20160315 CVE request: ipv4: Don't do expensive useless work during inetdev destroy", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/03/15/3", }, { name: "https://github.com/torvalds/linux/commit/fbd40ea0180a2d328c5adc61414dc8bab9335ce2", refsource: "CONFIRM", url: "https://github.com/torvalds/linux/commit/fbd40ea0180a2d328c5adc61414dc8bab9335ce2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-3156", datePublished: "2016-04-27T17:00:00", dateReserved: "2016-03-15T00:00:00", dateUpdated: "2024-08-05T23:47:57.548Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-3140
Vulnerability from cvelistv5
Published
2016-05-02 10:00
Modified
2024-08-05 23:47
Severity ?
EPSS score ?
Summary
The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:47:57.302Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-2971-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2971-2", }, { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "39537", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/39537/", }, { name: "SUSE-SU-2016:1696", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { name: "USN-2970-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2970-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1316995", }, { name: "USN-2968-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2968-1", }, { name: "USN-2971-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2971-3", }, { name: "USN-2997-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "SUSE-SU-2016:1764", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "USN-3000-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3000-1", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-2971-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2971-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f", }, { name: "SUSE-SU-2016:1707", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { name: "USN-2996-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "USN-2968-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2968-2", }, { name: "openSUSE-SU-2016:1382", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { name: "SUSE-SU-2016:2074", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, { name: "84304", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/84304", }, { name: "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (digi_acceleport driver)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/03/14/6", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-14T00:00:00", descriptions: [ { lang: "en", value: "The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-06T16:15:57", orgId: "f81092c5-7f14-476d-80dc-24857f90be84", shortName: "microfocus", }, references: [ { name: "USN-2971-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2971-2", }, { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "39537", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/39537/", }, { name: "SUSE-SU-2016:1696", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { name: "USN-2970-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2970-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1316995", }, { name: "USN-2968-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2968-1", }, { name: "USN-2971-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2971-3", }, { name: "USN-2997-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "SUSE-SU-2016:1764", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "USN-3000-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3000-1", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-2971-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2971-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/torvalds/linux/commit/5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f", }, { name: "SUSE-SU-2016:1707", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { name: "USN-2996-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "USN-2968-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2968-2", }, { name: "openSUSE-SU-2016:1382", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { name: "SUSE-SU-2016:2074", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, { name: "84304", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/84304", }, { name: "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (digi_acceleport driver)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/03/14/6", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@suse.com", ID: "CVE-2016-3140", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "USN-2971-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2971-2", }, { name: "SUSE-SU-2016:1690", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "39537", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/39537/", }, { name: "SUSE-SU-2016:1696", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { name: "USN-2970-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2970-1", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1316995", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1316995", }, { name: "USN-2968-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2968-1", }, { name: "USN-2971-3", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2971-3", }, { name: "USN-2997-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "SUSE-SU-2016:1764", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "USN-3000-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3000-1", }, { name: "DSA-3607", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-2971-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2971-1", }, { name: "https://github.com/torvalds/linux/commit/5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f", refsource: "CONFIRM", url: "https://github.com/torvalds/linux/commit/5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f", }, { name: "SUSE-SU-2016:1707", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { name: "USN-2996-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "SUSE-SU-2016:1672", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "USN-2968-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2968-2", }, { name: "openSUSE-SU-2016:1382", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { name: "SUSE-SU-2016:2074", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { name: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f", refsource: "CONFIRM", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f", }, { name: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", refsource: "CONFIRM", url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, { name: "84304", refsource: "BID", url: "http://www.securityfocus.com/bid/84304", }, { name: "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (digi_acceleport driver)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/03/14/6", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f81092c5-7f14-476d-80dc-24857f90be84", assignerShortName: "microfocus", cveId: "CVE-2016-3140", datePublished: "2016-05-02T10:00:00", dateReserved: "2016-03-13T00:00:00", dateUpdated: "2024-08-05T23:47:57.302Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-2847
Vulnerability from cvelistv5
Published
2016-04-27 17:00
Modified
2024-08-05 23:32
Severity ?
EPSS score ?
Summary
fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:32:21.204Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1313428", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=759c01142a5d0f364a462346168a56de28a80f52", }, { name: "USN-2967-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2967-1", }, { name: "SUSE-SU-2016:1696", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { name: "USN-2949-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2949-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { name: "83870", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/83870", }, { name: "DSA-3503", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3503", }, { name: "USN-2947-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2947-3", }, { name: "USN-2967-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2967-2", }, { name: "[oss-security] 20160301 CVE request -- linux kernel: pipe: limit the per-user amount of pages allocated in pipes", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/03/01/3", }, { name: "RHSA-2016:2584", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2584.html", }, { name: "RHSA-2016:2574", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2574.html", }, { name: "USN-2947-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2947-2", }, { name: "USN-2947-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2947-1", }, { name: "SUSE-SU-2016:1707", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/759c01142a5d0f364a462346168a56de28a80f52", }, { name: "USN-2946-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2946-2", }, { name: "openSUSE-SU-2016:1382", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { name: "SUSE-SU-2016:2074", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { name: "RHSA-2017:0217", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0217.html", }, { name: "USN-2948-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2948-1", }, { name: "USN-2946-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2946-1", }, { name: "USN-2948-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2948-2", }, { name: "SUSE-SU-2016:1937", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-01T00:00:00", descriptions: [ { lang: "en", value: "fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1313428", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=759c01142a5d0f364a462346168a56de28a80f52", }, { name: "USN-2967-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2967-1", }, { name: "SUSE-SU-2016:1696", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { name: "USN-2949-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2949-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { name: "83870", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/83870", }, { name: "DSA-3503", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3503", }, { name: "USN-2947-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2947-3", }, { name: "USN-2967-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2967-2", }, { name: "[oss-security] 20160301 CVE request -- linux kernel: pipe: limit the per-user amount of pages allocated in pipes", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/03/01/3", }, { name: "RHSA-2016:2584", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2584.html", }, { name: "RHSA-2016:2574", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2574.html", }, { name: "USN-2947-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2947-2", }, { name: "USN-2947-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2947-1", }, { name: "SUSE-SU-2016:1707", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/torvalds/linux/commit/759c01142a5d0f364a462346168a56de28a80f52", }, { name: "USN-2946-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2946-2", }, { name: "openSUSE-SU-2016:1382", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { name: "SUSE-SU-2016:2074", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { name: "RHSA-2017:0217", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0217.html", }, { name: "USN-2948-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2948-1", }, { name: "USN-2946-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2946-1", }, { name: "USN-2948-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2948-2", }, { name: "SUSE-SU-2016:1937", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-2847", datePublished: "2016-04-27T17:00:00", dateReserved: "2016-03-06T00:00:00", dateUpdated: "2024-08-05T23:32:21.204Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-3951
Vulnerability from cvelistv5
Published
2016-05-02 10:00
Modified
2024-08-06 00:10
Severity ?
EPSS score ?
Summary
Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:10:31.959Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "USN-3004-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3004-1", }, { name: "USN-3001-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3001-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/4d06dd537f95683aba3651098ae288b7cbff8274", }, { name: "SUSE-SU-2016:1696", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1324782", }, { name: "USN-3021-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3021-2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1666984c8625b3db19a9abc298931d35ab7bc64b", }, { name: "SUSE-SU-2016:1764", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "USN-3000-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3000-1", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "91028", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/91028", }, { name: "1036763", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036763", }, { name: "USN-3002-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3002-1", }, { name: "USN-3021-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3021-1", }, { name: "[oss-security] 20160406 Fwd: CVE Request: Linux: usbnet: memory corruption triggered by invalid USB descriptor", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/04/06/4", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/1666984c8625b3db19a9abc298931d35ab7bc64b", }, { name: "USN-2989-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2989-1", }, { name: "[netdev] 20160304 Re: Possible double-free in the usbnet driver", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://www.spinics.net/lists/netdev/msg367669.html", }, { name: "openSUSE-SU-2016:1382", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { name: "USN-3003-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3003-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4d06dd537f95683aba3651098ae288b7cbff8274", }, { name: "USN-2998-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2998-1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-04T00:00:00", descriptions: [ { lang: "en", value: "Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-12T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "USN-3004-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3004-1", }, { name: "USN-3001-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3001-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/torvalds/linux/commit/4d06dd537f95683aba3651098ae288b7cbff8274", }, { name: "SUSE-SU-2016:1696", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1324782", }, { name: "USN-3021-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3021-2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1666984c8625b3db19a9abc298931d35ab7bc64b", }, { name: "SUSE-SU-2016:1764", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "USN-3000-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3000-1", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "91028", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/91028", }, { name: "1036763", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036763", }, { name: "USN-3002-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3002-1", }, { name: "USN-3021-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3021-1", }, { name: "[oss-security] 20160406 Fwd: CVE Request: Linux: usbnet: memory corruption triggered by invalid USB descriptor", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/04/06/4", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/torvalds/linux/commit/1666984c8625b3db19a9abc298931d35ab7bc64b", }, { name: "USN-2989-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2989-1", }, { name: "[netdev] 20160304 Re: Possible double-free in the usbnet driver", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://www.spinics.net/lists/netdev/msg367669.html", }, { name: "openSUSE-SU-2016:1382", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { name: "USN-3003-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3003-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4d06dd537f95683aba3651098ae288b7cbff8274", }, { name: "USN-2998-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2998-1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-3951", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "SUSE-SU-2016:1690", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "USN-3004-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3004-1", }, { name: "USN-3001-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3001-1", }, { name: "https://github.com/torvalds/linux/commit/4d06dd537f95683aba3651098ae288b7cbff8274", refsource: "CONFIRM", url: "https://github.com/torvalds/linux/commit/4d06dd537f95683aba3651098ae288b7cbff8274", }, { name: "SUSE-SU-2016:1696", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1324782", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1324782", }, { name: "USN-3021-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3021-2", }, { name: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1666984c8625b3db19a9abc298931d35ab7bc64b", refsource: "CONFIRM", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1666984c8625b3db19a9abc298931d35ab7bc64b", }, { name: "SUSE-SU-2016:1764", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "USN-3000-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3000-1", }, { name: "DSA-3607", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "91028", refsource: "BID", url: "http://www.securityfocus.com/bid/91028", }, { name: "1036763", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036763", }, { name: "USN-3002-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3002-1", }, { name: "USN-3021-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3021-1", }, { name: "[oss-security] 20160406 Fwd: CVE Request: Linux: usbnet: memory corruption triggered by invalid USB descriptor", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/04/06/4", }, { name: "https://github.com/torvalds/linux/commit/1666984c8625b3db19a9abc298931d35ab7bc64b", refsource: "CONFIRM", url: "https://github.com/torvalds/linux/commit/1666984c8625b3db19a9abc298931d35ab7bc64b", }, { name: "USN-2989-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2989-1", }, { name: "[netdev] 20160304 Re: Possible double-free in the usbnet driver", refsource: "MLIST", url: "https://www.spinics.net/lists/netdev/msg367669.html", }, { name: "openSUSE-SU-2016:1382", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { name: "USN-3003-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3003-1", }, { name: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4d06dd537f95683aba3651098ae288b7cbff8274", refsource: "CONFIRM", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4d06dd537f95683aba3651098ae288b7cbff8274", }, { name: "USN-2998-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2998-1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-3951", datePublished: "2016-05-02T10:00:00", dateReserved: "2016-04-05T00:00:00", dateUpdated: "2024-08-06T00:10:31.959Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-3139
Vulnerability from cvelistv5
Published
2016-04-27 17:00
Modified
2024-08-05 23:47
Severity ?
EPSS score ?
Summary
The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:47:57.311Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "39538", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/39538/", }, { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1316993", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1283377", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2016-3139", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=471d17148c8b4174ac5f5283a73316d12c4379bc", }, { name: "SUSE-SU-2016:1764", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/471d17148c8b4174ac5f5283a73316d12c4379bc", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1283375", }, { name: "SUSE-SU-2016:1707", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "SUSE-SU-2016:1019", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html", }, { name: "SUSE-SU-2016:2074", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-04-27T00:00:00", descriptions: [ { lang: "en", value: "The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-06T16:16:07", orgId: "f81092c5-7f14-476d-80dc-24857f90be84", shortName: "microfocus", }, references: [ { name: "39538", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/39538/", }, { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1316993", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1283377", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security-tracker.debian.org/tracker/CVE-2016-3139", }, { tags: [ "x_refsource_MISC", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=471d17148c8b4174ac5f5283a73316d12c4379bc", }, { name: "SUSE-SU-2016:1764", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/471d17148c8b4174ac5f5283a73316d12c4379bc", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1283375", }, { name: "SUSE-SU-2016:1707", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "SUSE-SU-2016:1019", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html", }, { name: "SUSE-SU-2016:2074", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@microfocus.com", ID: "CVE-2016-3139", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "39538", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/39538/", }, { name: "SUSE-SU-2016:1690", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1316993", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1316993", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1283377", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1283377", }, { name: "https://security-tracker.debian.org/tracker/CVE-2016-3139", refsource: "CONFIRM", url: "https://security-tracker.debian.org/tracker/CVE-2016-3139", }, { name: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=471d17148c8b4174ac5f5283a73316d12c4379bc", refsource: "MISC", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=471d17148c8b4174ac5f5283a73316d12c4379bc", }, { name: "SUSE-SU-2016:1764", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "https://github.com/torvalds/linux/commit/471d17148c8b4174ac5f5283a73316d12c4379bc", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/471d17148c8b4174ac5f5283a73316d12c4379bc", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1283375", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1283375", }, { name: "SUSE-SU-2016:1707", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { name: "SUSE-SU-2016:1672", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "SUSE-SU-2016:1019", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html", }, { name: "SUSE-SU-2016:2074", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f81092c5-7f14-476d-80dc-24857f90be84", assignerShortName: "microfocus", cveId: "CVE-2016-3139", datePublished: "2016-04-27T17:00:00", dateReserved: "2016-03-13T00:00:00", dateUpdated: "2024-08-05T23:47:57.311Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-3137
Vulnerability from cvelistv5
Published
2016-05-02 10:00
Modified
2024-08-05 23:47
Severity ?
EPSS score ?
Summary
drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:47:57.272Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-2971-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2971-2", }, { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cypress_m8 driver)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/03/14/3", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1316996", }, { name: "SUSE-SU-2016:1696", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { name: "USN-2970-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2970-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754", }, { name: "84300", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/84300", }, { name: "USN-2968-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2968-1", }, { name: "USN-2971-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2971-3", }, { name: "USN-2997-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "SUSE-SU-2016:1764", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "USN-3000-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3000-1", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-2971-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2971-1", }, { name: "SUSE-SU-2016:1707", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { name: "USN-2996-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "USN-2968-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2968-2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754", }, { name: "openSUSE-SU-2016:1382", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { name: "SUSE-SU-2016:2074", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-14T00:00:00", descriptions: [ { lang: "en", value: "drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-06T16:15:58", orgId: "f81092c5-7f14-476d-80dc-24857f90be84", shortName: "microfocus", }, references: [ { name: "USN-2971-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2971-2", }, { name: "SUSE-SU-2016:1690", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cypress_m8 driver)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/03/14/3", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1316996", }, { name: "SUSE-SU-2016:1696", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { name: "USN-2970-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2970-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/torvalds/linux/commit/c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754", }, { name: "84300", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/84300", }, { name: "USN-2968-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2968-1", }, { name: "USN-2971-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2971-3", }, { name: "USN-2997-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "SUSE-SU-2016:1764", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "USN-3000-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3000-1", }, { name: "DSA-3607", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-2971-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2971-1", }, { name: "SUSE-SU-2016:1707", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { name: "USN-2996-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "SUSE-SU-2016:1672", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "USN-2968-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2968-2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754", }, { name: "openSUSE-SU-2016:1382", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { name: "SUSE-SU-2016:2074", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@microfocus.com", ID: "CVE-2016-3137", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "USN-2971-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2971-2", }, { name: "SUSE-SU-2016:1690", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { name: "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cypress_m8 driver)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/03/14/3", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1316996", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1316996", }, { name: "SUSE-SU-2016:1696", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { name: "USN-2970-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2970-1", }, { name: "https://github.com/torvalds/linux/commit/c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754", refsource: "CONFIRM", url: "https://github.com/torvalds/linux/commit/c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754", }, { name: "84300", refsource: "BID", url: "http://www.securityfocus.com/bid/84300", }, { name: "USN-2968-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2968-1", }, { name: "USN-2971-3", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2971-3", }, { name: "USN-2997-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2997-1", }, { name: "SUSE-SU-2016:1764", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { name: "USN-3000-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3000-1", }, { name: "DSA-3607", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3607", }, { name: "USN-2971-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2971-1", }, { name: "SUSE-SU-2016:1707", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { name: "USN-2996-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2996-1", }, { name: "SUSE-SU-2016:1672", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { name: "USN-2968-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2968-2", }, { name: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754", refsource: "CONFIRM", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754", }, { name: "openSUSE-SU-2016:1382", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { name: "SUSE-SU-2016:2074", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { name: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", refsource: "CONFIRM", url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f81092c5-7f14-476d-80dc-24857f90be84", assignerShortName: "microfocus", cveId: "CVE-2016-3137", datePublished: "2016-05-02T10:00:00", dateReserved: "2016-03-13T00:00:00", dateUpdated: "2024-08-05T23:47:57.272Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2016-05-02 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", matchCriteriaId: "E88A537F-F4D0-46B9-9E37-965233C2A355", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "01E6CAD9-DC1F-4C7C-8C8E-98E4BFABAC94", vulnerable: true, }, { criteria: "cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", matchCriteriaId: "3C171088-A361-4950-A397-BB4FD83DBB68", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12:*:*:*:*:*:*:*", matchCriteriaId: "41BB6157-21C1-43AF-9468-2E49D9BEFEAD", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12:sp1:*:*:*:*:*:*", matchCriteriaId: "BCEA3D62-99E0-48F9-A0CF-981BF28A509D", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_live_patching:12.0:*:*:*:*:*:*:*", matchCriteriaId: "CCAAE4A1-D542-43F3-B7FC-685BCDB248D5", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_module_for_public_cloud:12:*:*:*:*:*:*:*", matchCriteriaId: "0441632F-40BF-432B-BB1C-6396C726C4F6", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12:sp1:*:*:*:*:*:*", matchCriteriaId: "5AB3CAA1-C20C-4A86-841E-EC0858164D7D", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", matchCriteriaId: "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "81D94366-47D6-445A-A811-39327B150FCD", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:*:*:*:*:*:*:*", matchCriteriaId: "DF461FB4-8BA5-4065-9A69-DC017D3611C3", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "1F003591-0639-476C-A014-03F06A274880", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:4.5.0:rc7:*:*:*:*:*:*", matchCriteriaId: "74D8F1E1-5953-48EB-A3FB-218ACA871E9A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor.", }, { lang: "es", value: "Vulnerabilidad de liberación de memoria doble en drivers/net/usb/cdc_ncm.c en el kernel de Linux en versiones anteriores a 4.5 permite a atacantes físicamente próximos provocar una denegación de servicio (caída de sistema) o posiblemente tener otro impacto no especificado insertando un dispositivo USB con un descriptor USB no válido.", }, ], evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/415.html\">CWE-415: Double Free</a>", id: "CVE-2016-3951", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 4.9, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-02T10:59:41.490", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1666984c8625b3db19a9abc298931d35ab7bc64b", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4d06dd537f95683aba3651098ae288b7cbff8274", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2016/04/06/4", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/91028", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1036763", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2989-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2998-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3000-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3001-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3002-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3003-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3004-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3021-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3021-2", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1324782", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/1666984c8625b3db19a9abc298931d35ab7bc64b", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/4d06dd537f95683aba3651098ae288b7cbff8274", }, { source: "cve@mitre.org", url: "https://www.spinics.net/lists/netdev/msg367669.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1666984c8625b3db19a9abc298931d35ab7bc64b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4d06dd537f95683aba3651098ae288b7cbff8274", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2016/04/06/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/91028", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036763", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2989-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2998-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3000-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3001-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3002-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3003-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3004-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3021-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3021-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1324782", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/1666984c8625b3db19a9abc298931d35ab7bc64b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/4d06dd537f95683aba3651098ae288b7cbff8274", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.spinics.net/lists/netdev/msg367669.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-04-27 17:59
Modified
2025-04-12 10:46
Severity ?
Summary
The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "A5FDEDA8-6F51-4945-B443-438CC987F235", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", matchCriteriaId: "336EC5B8-6FD8-42BB-9530-58A15238CEE1", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "E090E7B3-2346-463D-8A0C-8B482500CB42", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", matchCriteriaId: "EA04C9F1-6257-4D82-BA0B-37DE66D94736", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_live_patching:12.0:*:*:*:*:*:*:*", matchCriteriaId: "CCAAE4A1-D542-43F3-B7FC-685BCDB248D5", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_module_for_public_cloud:12.0:*:*:*:*:*:*:*", matchCriteriaId: "A961CBC6-3CA1-4A0F-BBE0-8F6315781B7C", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "5BFCA0A7-8EB8-4C6F-9039-2B6A224080D3", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "B2905A9C-3E00-4188-8341-E5C2F62EF405", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:extra:*:*:*:*:*:*", matchCriteriaId: "A8877923-3E50-4F71-B501-E6997894D07E", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "ADE9D807-6690-4D67-A6B3-68BBC9B50153", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", matchCriteriaId: "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:*:*:*:*:*:*:*", matchCriteriaId: "DF461FB4-8BA5-4065-9A69-DC017D3611C3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "7C3C488C-9D3E-4C02-BA67-566C975A97AE", versionEndIncluding: "3.16.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.", }, { lang: "es", value: "La función wacom_probe en drivers/input/tablet/wacom_sys.c en el kernel de Linux en versiones anteriores a 3.17 permite a atacantes físicamente próximos causar una denegación de servicio (referencia a puntero NULL y caída del sistema) a través de un valor de dispositivo final manipulado en un dispositivo USB descriptor.", }, ], id: "CVE-2016-3139", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 4.9, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-04-27T17:59:24.993", references: [ { source: "security@opentext.com", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=471d17148c8b4174ac5f5283a73316d12c4379bc", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { source: "security@opentext.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1283375", }, { source: "security@opentext.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1283377", }, { source: "security@opentext.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1316993", }, { source: "security@opentext.com", url: "https://github.com/torvalds/linux/commit/471d17148c8b4174ac5f5283a73316d12c4379bc", }, { source: "security@opentext.com", url: "https://security-tracker.debian.org/tracker/CVE-2016-3139", }, { source: "security@opentext.com", url: "https://www.exploit-db.com/exploits/39538/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=471d17148c8b4174ac5f5283a73316d12c4379bc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1283375", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1283377", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1316993", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/torvalds/linux/commit/471d17148c8b4174ac5f5283a73316d12c4379bc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security-tracker.debian.org/tracker/CVE-2016-3139", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/39538/", }, ], sourceIdentifier: "security@opentext.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-05-02 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "A5FDEDA8-6F51-4945-B443-438CC987F235", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", matchCriteriaId: "336EC5B8-6FD8-42BB-9530-58A15238CEE1", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "01E6CAD9-DC1F-4C7C-8C8E-98E4BFABAC94", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "E090E7B3-2346-463D-8A0C-8B482500CB42", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", matchCriteriaId: "EA04C9F1-6257-4D82-BA0B-37DE66D94736", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "6359EF76-9371-4418-8694-B604CF02CF63", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_live_patching:12.0:*:*:*:*:*:*:*", matchCriteriaId: "CCAAE4A1-D542-43F3-B7FC-685BCDB248D5", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_module_for_public_cloud:12.0:*:*:*:*:*:*:*", matchCriteriaId: "A961CBC6-3CA1-4A0F-BBE0-8F6315781B7C", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "5BFCA0A7-8EB8-4C6F-9039-2B6A224080D3", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "B2905A9C-3E00-4188-8341-E5C2F62EF405", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:extra:*:*:*:*:*:*", matchCriteriaId: "A8877923-3E50-4F71-B501-E6997894D07E", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "ADE9D807-6690-4D67-A6B3-68BBC9B50153", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", matchCriteriaId: "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "81D94366-47D6-445A-A811-39327B150FCD", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:*:*:*:*:*:*:*", matchCriteriaId: "DF461FB4-8BA5-4065-9A69-DC017D3611C3", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "1F003591-0639-476C-A014-03F06A274880", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "F61E0DB9-4FAB-4B47-91DA-A0FAF09E3747", versionEndIncluding: "4.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.", }, { lang: "es", value: "La función iowarrior_probe en drivers/usb/misc/iowarrior.c en el kernel de Linux en versiones anteriores a 4.5.1 permite a atacantes físicamente próximos provocar una denegación de servicio (referencia a puntero NULL y caída de sistema) a través de un valor de dispositivos finales manipulado en un descriptor de dispositivo USB.", }, ], evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/476.html\">CWE-476: NULL Pointer Dereference</a>", id: "CVE-2016-2188", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 4.9, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-02T10:59:32.080", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ec0ef3a82125efc36173062a50624550a900ae0", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/bugtraq/2016/Mar/118", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/bugtraq/2016/Mar/87", }, { source: "secalert@redhat.com", url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2968-1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2968-2", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2969-1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2970-1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2971-1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2971-2", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2971-3", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1317018", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/4ec0ef3a82125efc36173062a50624550a900ae0", }, { source: "secalert@redhat.com", url: "https://www.exploit-db.com/exploits/39556/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ec0ef3a82125efc36173062a50624550a900ae0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/bugtraq/2016/Mar/118", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/bugtraq/2016/Mar/87", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2968-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2968-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2969-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2970-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2971-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2971-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2971-3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1317018", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/4ec0ef3a82125efc36173062a50624550a900ae0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/39556/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-05-02 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "F61E0DB9-4FAB-4B47-91DA-A0FAF09E3747", versionEndIncluding: "4.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", matchCriteriaId: "336EC5B8-6FD8-42BB-9530-58A15238CEE1", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "01E6CAD9-DC1F-4C7C-8C8E-98E4BFABAC94", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", matchCriteriaId: "EA04C9F1-6257-4D82-BA0B-37DE66D94736", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "6359EF76-9371-4418-8694-B604CF02CF63", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_live_patching:12.0:*:*:*:*:*:*:*", matchCriteriaId: "CCAAE4A1-D542-43F3-B7FC-685BCDB248D5", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_module_for_public_cloud:12.0:*:*:*:*:*:*:*", matchCriteriaId: "A961CBC6-3CA1-4A0F-BBE0-8F6315781B7C", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "B2905A9C-3E00-4188-8341-E5C2F62EF405", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", matchCriteriaId: "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "81D94366-47D6-445A-A811-39327B150FCD", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:*:*:*:*:*:*:*", matchCriteriaId: "DF461FB4-8BA5-4065-9A69-DC017D3611C3", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "1F003591-0639-476C-A014-03F06A274880", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.", }, { lang: "es", value: "La función mct_u232_msr_to_state en drivers/usb/serial/mct_u232.c en el kernel de Linux en versiones anteriores a 4.5.1 permite a atacantes físicamente próximos provocar una denegación de servicio (referencia a puntero NULL y caída de sistema) a través de un dispositivo USB manipulado sin dos descriptores de dispositivo final interrupt-in.", }, ], evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/476.html\">CWE-476: NULL Pointer Dereference</a>", id: "CVE-2016-3136", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 4.9, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-02T10:59:35.520", references: [ { source: "security@opentext.com", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e9a0b05257f29cf4b75f3209243ed71614d062e", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { source: "security@opentext.com", url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "security@opentext.com", url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, { source: "security@opentext.com", url: "http://www.openwall.com/lists/oss-security/2016/03/14/2", }, { source: "security@opentext.com", url: "http://www.securityfocus.com/bid/84299", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2968-1", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2968-2", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2970-1", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2971-1", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2971-2", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2971-3", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2996-1", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2997-1", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-3000-1", }, { source: "security@opentext.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1283370", }, { source: "security@opentext.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1317007", }, { source: "security@opentext.com", url: "https://github.com/torvalds/linux/commit/4e9a0b05257f29cf4b75f3209243ed71614d062e", }, { source: "security@opentext.com", url: "https://www.exploit-db.com/exploits/39541/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e9a0b05257f29cf4b75f3209243ed71614d062e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2016/03/14/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/84299", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2968-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2968-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2970-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2971-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2971-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2971-3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2996-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2997-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-3000-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1283370", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1317007", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/torvalds/linux/commit/4e9a0b05257f29cf4b75f3209243ed71614d062e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/39541/", }, ], sourceIdentifier: "security@opentext.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-05-02 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "A5FDEDA8-6F51-4945-B443-438CC987F235", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", matchCriteriaId: "336EC5B8-6FD8-42BB-9530-58A15238CEE1", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "01E6CAD9-DC1F-4C7C-8C8E-98E4BFABAC94", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "E090E7B3-2346-463D-8A0C-8B482500CB42", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", matchCriteriaId: "EA04C9F1-6257-4D82-BA0B-37DE66D94736", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "6359EF76-9371-4418-8694-B604CF02CF63", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_live_patching:12.0:*:*:*:*:*:*:*", matchCriteriaId: "CCAAE4A1-D542-43F3-B7FC-685BCDB248D5", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_module_for_public_cloud:12.0:*:*:*:*:*:*:*", matchCriteriaId: "A961CBC6-3CA1-4A0F-BBE0-8F6315781B7C", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "5BFCA0A7-8EB8-4C6F-9039-2B6A224080D3", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "B2905A9C-3E00-4188-8341-E5C2F62EF405", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:extra:*:*:*:*:*:*", matchCriteriaId: "A8877923-3E50-4F71-B501-E6997894D07E", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "ADE9D807-6690-4D67-A6B3-68BBC9B50153", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", matchCriteriaId: "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "81D94366-47D6-445A-A811-39327B150FCD", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:*:*:*:*:*:*:*", matchCriteriaId: "DF461FB4-8BA5-4065-9A69-DC017D3611C3", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "1F003591-0639-476C-A014-03F06A274880", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "F61E0DB9-4FAB-4B47-91DA-A0FAF09E3747", versionEndIncluding: "4.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.", }, { lang: "es", value: "drivers/usb/serial/cypress_m8.c en el kernel de Linux en versiones anteriores a 4.5.1 permite a atacantes físicamente próximos provocar una denegación de servicio (referencia a puntero NULL y caída de sistema) a través de un dispositivo USB sin un descriptor de dispositivo final interrupt-in e interrupt-out, relacionado con las funciones cypress_generic_port_probe y cypress_open.", }, ], evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/476.html\">CWE-476: NULL Pointer Dereference</a>", id: "CVE-2016-3137", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 4.9, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-02T10:59:36.737", references: [ { source: "security@opentext.com", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { source: "security@opentext.com", url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "security@opentext.com", url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, { source: "security@opentext.com", url: "http://www.openwall.com/lists/oss-security/2016/03/14/3", }, { source: "security@opentext.com", url: "http://www.securityfocus.com/bid/84300", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2968-1", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2968-2", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2970-1", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2971-1", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2971-2", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2971-3", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2996-1", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2997-1", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-3000-1", }, { source: "security@opentext.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1316996", }, { source: "security@opentext.com", url: "https://github.com/torvalds/linux/commit/c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2016/03/14/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/84300", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2968-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2968-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2970-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2971-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2971-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2971-3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2996-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2997-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-3000-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1316996", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/torvalds/linux/commit/c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754", }, ], sourceIdentifier: "security@opentext.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-05-02 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "F61E0DB9-4FAB-4B47-91DA-A0FAF09E3747", versionEndIncluding: "4.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "A5FDEDA8-6F51-4945-B443-438CC987F235", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", matchCriteriaId: "336EC5B8-6FD8-42BB-9530-58A15238CEE1", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "01E6CAD9-DC1F-4C7C-8C8E-98E4BFABAC94", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "E090E7B3-2346-463D-8A0C-8B482500CB42", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", matchCriteriaId: "EA04C9F1-6257-4D82-BA0B-37DE66D94736", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "6359EF76-9371-4418-8694-B604CF02CF63", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_live_patching:12.0:*:*:*:*:*:*:*", matchCriteriaId: "CCAAE4A1-D542-43F3-B7FC-685BCDB248D5", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_module_for_public_cloud:12.0:*:*:*:*:*:*:*", matchCriteriaId: "A961CBC6-3CA1-4A0F-BBE0-8F6315781B7C", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "5BFCA0A7-8EB8-4C6F-9039-2B6A224080D3", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "B2905A9C-3E00-4188-8341-E5C2F62EF405", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:extra:*:*:*:*:*:*", matchCriteriaId: "A8877923-3E50-4F71-B501-E6997894D07E", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "ADE9D807-6690-4D67-A6B3-68BBC9B50153", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", matchCriteriaId: "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "81D94366-47D6-445A-A811-39327B150FCD", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:*:*:*:*:*:*:*", matchCriteriaId: "DF461FB4-8BA5-4065-9A69-DC017D3611C3", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "1F003591-0639-476C-A014-03F06A274880", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.", }, { lang: "es", value: "La función digi_port_init en drivers/usb/serial/digi_acceleport.c en el kernel de Linux en versiones anteriores a 4.5.1 permite a atacantes físicamente próximos provocar una denegación de servicio (referencia a puntero NULL y caída de sistema) a través de un valor de dispositivos finales manipulado en un descriptor de dispositivo USB.", }, ], evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/476.html\">CWE-476: NULL Pointer Dereference</a>", id: "CVE-2016-3140", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 4.9, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-02T10:59:39.520", references: [ { source: "security@opentext.com", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { source: "security@opentext.com", url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "security@opentext.com", url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, { source: "security@opentext.com", url: "http://www.openwall.com/lists/oss-security/2016/03/14/6", }, { source: "security@opentext.com", url: "http://www.securityfocus.com/bid/84304", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2968-1", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2968-2", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2970-1", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2971-1", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2971-2", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2971-3", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2996-1", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2997-1", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-3000-1", }, { source: "security@opentext.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1316995", }, { source: "security@opentext.com", url: "https://github.com/torvalds/linux/commit/5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f", }, { source: "security@opentext.com", url: "https://www.exploit-db.com/exploits/39537/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2016/03/14/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/84304", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2968-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2968-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2970-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2971-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2971-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2971-3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2996-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2997-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-3000-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1316995", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/torvalds/linux/commit/5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/39537/", }, ], sourceIdentifier: "security@opentext.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-05-02 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "F61E0DB9-4FAB-4B47-91DA-A0FAF09E3747", versionEndIncluding: "4.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "A5FDEDA8-6F51-4945-B443-438CC987F235", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", matchCriteriaId: "336EC5B8-6FD8-42BB-9530-58A15238CEE1", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "01E6CAD9-DC1F-4C7C-8C8E-98E4BFABAC94", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "E090E7B3-2346-463D-8A0C-8B482500CB42", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", matchCriteriaId: "EA04C9F1-6257-4D82-BA0B-37DE66D94736", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "6359EF76-9371-4418-8694-B604CF02CF63", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_live_patching:12.0:*:*:*:*:*:*:*", matchCriteriaId: "CCAAE4A1-D542-43F3-B7FC-685BCDB248D5", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_module_for_public_cloud:12.0:*:*:*:*:*:*:*", matchCriteriaId: "A961CBC6-3CA1-4A0F-BBE0-8F6315781B7C", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "5BFCA0A7-8EB8-4C6F-9039-2B6A224080D3", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "B2905A9C-3E00-4188-8341-E5C2F62EF405", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:extra:*:*:*:*:*:*", matchCriteriaId: "A8877923-3E50-4F71-B501-E6997894D07E", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "ADE9D807-6690-4D67-A6B3-68BBC9B50153", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", matchCriteriaId: "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "81D94366-47D6-445A-A811-39327B150FCD", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:*:*:*:*:*:*:*", matchCriteriaId: "DF461FB4-8BA5-4065-9A69-DC017D3611C3", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "1F003591-0639-476C-A014-03F06A274880", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.", }, { lang: "es", value: "La función ati_remote2_probe en drivers/input/misc/ati_remote2.c en el kernel de Linux en versiones anteriores a 4.5.1 permite a atacantes físicamente próximos provocar una denegación de servicio (referencia a puntero NULL y caída de sistema) a través de un valor de dispositivos finales manipulado en un descriptor de dispositivo USB.", }, ], evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/476.html\">CWE-476: NULL Pointer Dereference</a>", id: "CVE-2016-2185", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 4.9, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-02T10:59:28.720", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/bugtraq/2016/Mar/116", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/bugtraq/2016/Mar/90", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "secalert@redhat.com", url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/84341", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2968-1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2968-2", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2969-1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2970-1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2971-1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2971-2", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2971-3", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1283362", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1283363", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1317014", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/bugtraq/2016/Mar/116", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/bugtraq/2016/Mar/90", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/84341", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2968-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2968-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2969-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2970-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2971-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2971-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2971-3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1283362", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1283363", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1317014", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-05-02 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", matchCriteriaId: "336EC5B8-6FD8-42BB-9530-58A15238CEE1", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "01E6CAD9-DC1F-4C7C-8C8E-98E4BFABAC94", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", matchCriteriaId: "EA04C9F1-6257-4D82-BA0B-37DE66D94736", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "6359EF76-9371-4418-8694-B604CF02CF63", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_live_patching:12.0:*:*:*:*:*:*:*", matchCriteriaId: "CCAAE4A1-D542-43F3-B7FC-685BCDB248D5", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_module_for_public_cloud:12.0:*:*:*:*:*:*:*", matchCriteriaId: "A961CBC6-3CA1-4A0F-BBE0-8F6315781B7C", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "B2905A9C-3E00-4188-8341-E5C2F62EF405", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", matchCriteriaId: "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "81D94366-47D6-445A-A811-39327B150FCD", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:*:*:*:*:*:*:*", matchCriteriaId: "DF461FB4-8BA5-4065-9A69-DC017D3611C3", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "1F003591-0639-476C-A014-03F06A274880", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "F61E0DB9-4FAB-4B47-91DA-A0FAF09E3747", versionEndIncluding: "4.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.", }, { lang: "es", value: "La función ims_pcu_parse_cdc_data en drivers/input/misc/ims-pcu.c en el kernel de Linux en versiones anteriores a 4.5.1 permite a atacantes físicamente próximos provocar una denegación de servicio (caída de sistema) a través de un dispositivo USB sin interfaz para un maestro y un esclavo.", }, ], evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/476.html\">CWE-476: NULL Pointer Dereference</a>", id: "CVE-2016-3689", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 4.9, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-02T10:59:40.503", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0ad220c96692eda76b2e3fd7279f3dcd1d8a8ff", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2016/03/30/6", }, { source: "secalert@redhat.com", url: "http://www.securitytracker.com/id/1035441", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2968-1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2968-2", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2970-1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2971-1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2971-2", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2971-3", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3000-1", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.novell.com/show_bug.cgi?id=971628", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1320060", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/a0ad220c96692eda76b2e3fd7279f3dcd1d8a8ff", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0ad220c96692eda76b2e3fd7279f3dcd1d8a8ff", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2016/03/30/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1035441", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2968-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2968-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2970-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2971-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2971-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2971-3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3000-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.novell.com/show_bug.cgi?id=971628", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1320060", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/a0ad220c96692eda76b2e3fd7279f3dcd1d8a8ff", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-04-27 17:59
Modified
2025-04-12 10:46
Severity ?
Summary
The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "A5FDEDA8-6F51-4945-B443-438CC987F235", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", matchCriteriaId: "336EC5B8-6FD8-42BB-9530-58A15238CEE1", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "01E6CAD9-DC1F-4C7C-8C8E-98E4BFABAC94", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "E090E7B3-2346-463D-8A0C-8B482500CB42", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", matchCriteriaId: "EA04C9F1-6257-4D82-BA0B-37DE66D94736", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "6359EF76-9371-4418-8694-B604CF02CF63", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_live_patching:12.0:*:*:*:*:*:*:*", matchCriteriaId: "CCAAE4A1-D542-43F3-B7FC-685BCDB248D5", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_module_for_public_cloud:12.0:*:*:*:*:*:*:*", matchCriteriaId: "A961CBC6-3CA1-4A0F-BBE0-8F6315781B7C", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "B2905A9C-3E00-4188-8341-E5C2F62EF405", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:extra:*:*:*:*:*:*", matchCriteriaId: "A8877923-3E50-4F71-B501-E6997894D07E", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "ADE9D807-6690-4D67-A6B3-68BBC9B50153", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", matchCriteriaId: "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "81D94366-47D6-445A-A811-39327B150FCD", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:*:*:*:*:*:*:*", matchCriteriaId: "DF461FB4-8BA5-4065-9A69-DC017D3611C3", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "1F003591-0639-476C-A014-03F06A274880", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "8E93DE20-F6CD-4B8B-836D-7844A2697466", versionEndIncluding: "4.5.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.", }, { lang: "es", value: "El subsistema netfilter en el kernel de Linux hasta la versión 4.5.2 no válida ciertos campos de desplazamiento, lo que permite a usuarios locales obtener privilegios o causar una denegación de servicio (corrupción de memoria dinámica) a través de una llamada IPT_SO_SET_REPLACE setsockopt.", }, ], id: "CVE-2016-3134", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-04-27T17:59:22.883", references: [ { source: "security@opentext.com", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { source: "security@opentext.com", url: "http://rhn.redhat.com/errata/RHSA-2016-1847.html", }, { source: "security@opentext.com", url: "http://rhn.redhat.com/errata/RHSA-2016-1875.html", }, { source: "security@opentext.com", url: "http://rhn.redhat.com/errata/RHSA-2016-1883.html", }, { source: "security@opentext.com", url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "security@opentext.com", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { source: "security@opentext.com", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", }, { source: "security@opentext.com", url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { source: "security@opentext.com", url: "http://www.securityfocus.com/bid/84305", }, { source: "security@opentext.com", url: "http://www.securitytracker.com/id/1036763", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2929-1", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2929-2", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2930-1", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2930-2", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2930-3", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2931-1", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2932-1", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-3049-1", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-3050-1", }, { source: "security@opentext.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1317383", }, { source: "security@opentext.com", url: "https://code.google.com/p/google-security-research/issues/detail?id=758", }, { source: "security@opentext.com", url: "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-1847.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-1875.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-1883.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/84305", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036763", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2929-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2929-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2930-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2930-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2930-3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2931-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2932-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-3049-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-3050-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1317383", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://code.google.com/p/google-security-research/issues/detail?id=758", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309", }, ], sourceIdentifier: "security@opentext.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-07-03 21:59
Modified
2025-04-12 10:46
Severity ?
Summary
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "14022F90-39CA-4DE4-B584-6380B9F657B7", versionEndExcluding: "3.2.80", versionStartIncluding: "2.6.17", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "0DC9AE03-9DF2-4168-8542-1171CB42C604", versionEndExcluding: "3.10.103", versionStartIncluding: "3.3", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "CB3CF40A-6C26-4C0B-B6F1-41BE884182DA", versionEndExcluding: "3.12.62", versionStartIncluding: "3.11", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "1346A01D-227D-4D11-8C7A-ADBAE630C87D", versionEndExcluding: "3.14.73", versionStartIncluding: "3.13", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "7DEF7E2D-A1AA-4733-A573-11EE52A2B419", versionEndExcluding: "3.16.37", versionStartIncluding: "3.15", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "B55F09A2-F470-41BA-9585-40E8C1960ABA", versionEndExcluding: "3.18.37", versionStartIncluding: "3.17", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "2BACB680-D42D-4EFF-9B8B-121AA348DB7A", versionEndExcluding: "4.1.28", versionStartIncluding: "3.19", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "06B86F5B-ACB3-42F5-B15C-0EEB47DF8809", versionEndExcluding: "4.4.14", versionStartIncluding: "4.2", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "0911A351-61CB-4070-A172-8AD9BC1871AE", versionEndExcluding: "4.6.3", versionStartIncluding: "4.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", matchCriteriaId: "E88A537F-F4D0-46B9-9E37-965233C2A355", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", matchCriteriaId: "336EC5B8-6FD8-42BB-9530-58A15238CEE1", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "01E6CAD9-DC1F-4C7C-8C8E-98E4BFABAC94", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", matchCriteriaId: "EA04C9F1-6257-4D82-BA0B-37DE66D94736", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "6359EF76-9371-4418-8694-B604CF02CF63", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_live_patching:12.0:*:*:*:*:*:*:*", matchCriteriaId: "CCAAE4A1-D542-43F3-B7FC-685BCDB248D5", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_module_for_public_cloud:12.0:*:*:*:*:*:*:*", matchCriteriaId: "A961CBC6-3CA1-4A0F-BBE0-8F6315781B7C", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "B2905A9C-3E00-4188-8341-E5C2F62EF405", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", matchCriteriaId: "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "81D94366-47D6-445A-A811-39327B150FCD", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:*:*:*:*:*:*:*", matchCriteriaId: "DF461FB4-8BA5-4065-9A69-DC017D3611C3", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "1F003591-0639-476C-A014-03F06A274880", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", matchCriteriaId: "104DA87B-DEE4-4262-AE50-8E6BC43B228B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.", }, { lang: "es", value: "Las implementaciones de compat IPT_SO_SET_REPLACE y IP6T_SO_SET_REPLACE setsockopt en el subsistema netfilter en el kernel de Linux antes de 4.6.3 permiten a los usuarios locales obtener privilegios o provocar una denegación de servicio (corrupción de memoria) aprovechando el acceso del root en el contenedor para proporcionar un valor de compensación manipulado que desencadena una disminución no intencionada.", }, ], id: "CVE-2016-4997", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-07-03T21:59:16.057", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce683e5f9d045e5d67d1312a42b359cb2ab2a13c", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00060.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00061.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1847.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1875.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1883.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/06/24/5", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/09/29/10", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/91451", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1036171", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3016-1", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3016-2", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3016-3", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3016-4", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3017-1", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3017-2", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3017-3", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3018-1", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3018-2", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3019-1", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3020-1", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1349722", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/nccgroup/TriforceLinuxSyscallFuzzer/tree/master/crash_reports/report_compatIpt", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/ce683e5f9d045e5d67d1312a42b359cb2ab2a13c", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/40435/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/40489/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce683e5f9d045e5d67d1312a42b359cb2ab2a13c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00060.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00061.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1847.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1875.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1883.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/06/24/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/09/29/10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/91451", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1036171", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3016-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3016-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3016-3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3016-4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3017-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3017-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3017-3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3018-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3018-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3019-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3020-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1349722", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/nccgroup/TriforceLinuxSyscallFuzzer/tree/master/crash_reports/report_compatIpt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/ce683e5f9d045e5d67d1312a42b359cb2ab2a13c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/40435/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/40489/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-04-27 17:59
Modified
2025-04-12 10:46
Severity ?
Summary
The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "A5FDEDA8-6F51-4945-B443-438CC987F235", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", matchCriteriaId: "336EC5B8-6FD8-42BB-9530-58A15238CEE1", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "E090E7B3-2346-463D-8A0C-8B482500CB42", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", matchCriteriaId: "EA04C9F1-6257-4D82-BA0B-37DE66D94736", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_live_patching:12.0:*:*:*:*:*:*:*", matchCriteriaId: "CCAAE4A1-D542-43F3-B7FC-685BCDB248D5", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_module_for_public_cloud:12.0:*:*:*:*:*:*:*", matchCriteriaId: "A961CBC6-3CA1-4A0F-BBE0-8F6315781B7C", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "5BFCA0A7-8EB8-4C6F-9039-2B6A224080D3", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "B2905A9C-3E00-4188-8341-E5C2F62EF405", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:extra:*:*:*:*:*:*", matchCriteriaId: "A8877923-3E50-4F71-B501-E6997894D07E", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "ADE9D807-6690-4D67-A6B3-68BBC9B50153", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", matchCriteriaId: "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:*:*:*:*:*:*:*", matchCriteriaId: "DF461FB4-8BA5-4065-9A69-DC017D3611C3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "6498A032-754F-41B0-A8C8-4EBB71ABEEE2", versionEndIncluding: "4.5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.", }, { lang: "es", value: "La implementación IPv4 en el kernel de Linux en versiones anteriores a 4.5.2 no maneja adecuadamente la destrucción de objetos de dispositivo, lo que permite a usuarios del SO invitado provocar una denegación de servicio (corte de la red del sistema operativo anfitrión) disponiendo un gran número de direcciones IP.", }, ], id: "CVE-2016-3156", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-04-27T17:59:26.430", references: [ { source: "cve@mitre.org", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbd40ea0180a2d328c5adc61414dc8bab9335ce2", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2016-2574.html", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2016-2584.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2016/03/15/3", }, { source: "cve@mitre.org", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { source: "cve@mitre.org", url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/84428", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-2968-1", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-2968-2", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-2969-1", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-2970-1", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-2971-1", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-2971-2", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-2971-3", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1318172", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/fbd40ea0180a2d328c5adc61414dc8bab9335ce2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbd40ea0180a2d328c5adc61414dc8bab9335ce2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-2574.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-2584.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2016/03/15/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/84428", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2968-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2968-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2969-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2970-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2971-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2971-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2971-3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1318172", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/fbd40ea0180a2d328c5adc61414dc8bab9335ce2", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-04-27 17:59
Modified
2025-04-12 10:46
Severity ?
Summary
The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "A5FDEDA8-6F51-4945-B443-438CC987F235", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", matchCriteriaId: "336EC5B8-6FD8-42BB-9530-58A15238CEE1", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*", matchCriteriaId: "B942E0F5-7FDC-4AE5-985D-25F4EA7406F1", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", matchCriteriaId: "EA04C9F1-6257-4D82-BA0B-37DE66D94736", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_live_patching:12.0:*:*:*:*:*:*:*", matchCriteriaId: "CCAAE4A1-D542-43F3-B7FC-685BCDB248D5", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_module_for_public_cloud:12:*:*:*:*:*:*:*", matchCriteriaId: "0441632F-40BF-432B-BB1C-6396C726C4F6", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:11:sp4:*:*:*:*:*:*", matchCriteriaId: "BFF56CE7-91EF-4FF9-B306-5F00249D9FEA", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12:sp1:*:*:*:*:*:*", matchCriteriaId: "5AB3CAA1-C20C-4A86-841E-EC0858164D7D", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11:extra:*:*:*:*:*:*", matchCriteriaId: "4B24E780-3254-4577-BCFF-7FBB6D97C780", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11:sp4:*:*:*:*:*:*", matchCriteriaId: "095856BE-4E55-4FEA-BCAC-352C29083545", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", matchCriteriaId: "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:*:*:*:*:*:*:*", matchCriteriaId: "DF461FB4-8BA5-4065-9A69-DC017D3611C3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "DAEB7909-63A6-487B-B3C6-4B5A1A73D696", versionEndExcluding: "3.2.76", versionStartIncluding: "2.6.28", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "9A93F019-B0C0-4723-869E-C715F15E11C9", versionEndExcluding: "3.4.113", versionStartIncluding: "3.3", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "B41219F0-BE17-4FE0-98B0-D250A76244A0", versionEndExcluding: "3.10.103", versionStartIncluding: "3.5", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "24C0DC94-1A70-4985-A5F2-8F517C2DC755", versionEndExcluding: "3.12.58", versionStartIncluding: "3.11", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "F973F317-7CFF-484A-9B00-6957860C64FB", versionEndExcluding: "3.14.76", versionStartIncluding: "3.13", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "7DC4BA70-B111-4D2E-BC78-6601CED68F08", versionEndExcluding: "3.16.35", versionStartIncluding: "3.15", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "B1FF53C9-85AA-4BB1-A0B3-48E1C4FCFD86", versionEndExcluding: "3.18.27", versionStartIncluding: "3.17", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "08D67669-B62A-4BA4-BA91-EFFD80451D78", versionEndExcluding: "4.1.17", versionStartIncluding: "3.19", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "07D57C6F-728C-438C-A961-61AACA53212E", versionEndExcluding: "4.3.5", versionStartIncluding: "4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:suse:linux_enterprise_live_patching:12:-:*:*:*:*:*:*", matchCriteriaId: "3FA7DD36-7B56-4749-8850-C351593BEB55", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*", matchCriteriaId: "B2F3699A-38E4-4E9D-9414-411F71D9E371", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.", }, { lang: "es", value: "La función hub_activate en drivers/usb/core/hub.c en el Kernel de Linux en versiones anteriores a 4.3.5 no mantiene correctamente una estructura de datos hub-interface, lo que permite a atacantes físicamente próximos provocar una denegación de servicio (acceso a memoria no válido y caída de sistema) o posiblemente tener otro impacto no especificado desenchufando un dispositivo hub USB.", }, ], evaluatorComment: "CWE-476: NULL Pointer Dereference", id: "CVE-2015-8816", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-04-27T17:59:03.147", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5f1cf3fcc093037dd6a8c5684ea", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://source.android.com/security/bulletin/2016-07-01.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3503", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2016/02/23/5", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/83363", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311589", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/e50293ef9775c5f1cf3fcc093037dd6a8c5684ea", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5f1cf3fcc093037dd6a8c5684ea", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://source.android.com/security/bulletin/2016-07-01.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3503", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2016/02/23/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/83363", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311589", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/e50293ef9775c5f1cf3fcc093037dd6a8c5684ea", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-05-23 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "A5FDEDA8-6F51-4945-B443-438CC987F235", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", matchCriteriaId: "336EC5B8-6FD8-42BB-9530-58A15238CEE1", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "01E6CAD9-DC1F-4C7C-8C8E-98E4BFABAC94", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "E090E7B3-2346-463D-8A0C-8B482500CB42", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", matchCriteriaId: "EA04C9F1-6257-4D82-BA0B-37DE66D94736", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "6359EF76-9371-4418-8694-B604CF02CF63", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_live_patching:12.0:*:*:*:*:*:*:*", matchCriteriaId: "CCAAE4A1-D542-43F3-B7FC-685BCDB248D5", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_module_for_public_cloud:12.0:*:*:*:*:*:*:*", matchCriteriaId: "A961CBC6-3CA1-4A0F-BBE0-8F6315781B7C", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "B2905A9C-3E00-4188-8341-E5C2F62EF405", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:extra:*:*:*:*:*:*", matchCriteriaId: "A8877923-3E50-4F71-B501-E6997894D07E", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "ADE9D807-6690-4D67-A6B3-68BBC9B50153", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", matchCriteriaId: "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "81D94366-47D6-445A-A811-39327B150FCD", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:*:*:*:*:*:*:*", matchCriteriaId: "DF461FB4-8BA5-4065-9A69-DC017D3611C3", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "1F003591-0639-476C-A014-03F06A274880", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", matchCriteriaId: "E88A537F-F4D0-46B9-9E37-965233C2A355", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "1C36E5B8-129B-488B-B732-83E71CF311DD", versionEndIncluding: "4.5.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.", }, { lang: "es", value: "La función rtnl_fill_link_ifmap en net/core/rtnetlink.c en el kernel de Linux en versiones anteriores a 4.5.5 no inicializa una estructura de datos determinada, lo que permite a usuarios locales obtener información sensible del kernel de memoria de pila leyendo un mensaje Netlink.", }, ], id: "CVE-2016-4486", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-23T10:59:02.707", references: [ { source: "cve@mitre.org", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "cve@mitre.org", url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2016/05/04/27", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/90051", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2989-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2998-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3000-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3001-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3002-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3003-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3004-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3005-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3006-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3007-1", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1333316", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/5f8e44741f9f216e33736ea4ec65ca9ac03036e6", }, { source: "cve@mitre.org", url: "https://www.exploit-db.com/exploits/46006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2016/05/04/27", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/90051", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2989-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2998-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3000-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3001-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3002-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3003-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3004-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3005-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3006-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3007-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1333316", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/5f8e44741f9f216e33736ea4ec65ca9ac03036e6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/46006/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-04-27 17:59
Modified
2025-04-12 10:46
Severity ?
Summary
fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "3E43C27F-72D6-4615-8337-67245A069FFD", versionEndIncluding: "4.4.8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "A5FDEDA8-6F51-4945-B443-438CC987F235", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", matchCriteriaId: "336EC5B8-6FD8-42BB-9530-58A15238CEE1", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "01E6CAD9-DC1F-4C7C-8C8E-98E4BFABAC94", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "E090E7B3-2346-463D-8A0C-8B482500CB42", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", matchCriteriaId: "EA04C9F1-6257-4D82-BA0B-37DE66D94736", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "6359EF76-9371-4418-8694-B604CF02CF63", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_live_patching:12.0:*:*:*:*:*:*:*", matchCriteriaId: "CCAAE4A1-D542-43F3-B7FC-685BCDB248D5", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_module_for_public_cloud:12.0:*:*:*:*:*:*:*", matchCriteriaId: "A961CBC6-3CA1-4A0F-BBE0-8F6315781B7C", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "5BFCA0A7-8EB8-4C6F-9039-2B6A224080D3", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "B2905A9C-3E00-4188-8341-E5C2F62EF405", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:extra:*:*:*:*:*:*", matchCriteriaId: "A8877923-3E50-4F71-B501-E6997894D07E", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "ADE9D807-6690-4D67-A6B3-68BBC9B50153", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", matchCriteriaId: "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "81D94366-47D6-445A-A811-39327B150FCD", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:*:*:*:*:*:*:*", matchCriteriaId: "DF461FB4-8BA5-4065-9A69-DC017D3611C3", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "1F003591-0639-476C-A014-03F06A274880", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.", }, { lang: "es", value: "fs/pipe.c en el kernel de Linux antes de 4.5 no limita la cantidad de datos no leídos en las tuberías, lo que permite a los usuarios locales provocar una denegación de servicio (consumo de memoria) creando muchas tuberías con tamaños no predeterminados.", }, ], id: "CVE-2016-2847", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 4.9, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-04-27T17:59:21.947", references: [ { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=759c01142a5d0f364a462346168a56de28a80f52", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-2574.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-2584.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2017-0217.html", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2016/dsa-3503", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2016/03/01/3", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/83870", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2946-1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2946-2", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2947-1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2947-2", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2947-3", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2948-1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2948-2", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2949-1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2967-1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2967-2", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1313428", }, { source: "secalert@redhat.com", url: "https://github.com/torvalds/linux/commit/759c01142a5d0f364a462346168a56de28a80f52", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=759c01142a5d0f364a462346168a56de28a80f52", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-2574.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-2584.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2017-0217.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3503", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2016/03/01/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/83870", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2946-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2946-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2947-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2947-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2947-3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2948-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2948-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2949-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2967-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2967-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1313428", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/torvalds/linux/commit/759c01142a5d0f364a462346168a56de28a80f52", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-05-23 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", matchCriteriaId: "E88A537F-F4D0-46B9-9E37-965233C2A355", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "E9F34BEC-51BF-44FB-8919-029E2E8E5690", versionEndIncluding: "4.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "A5FDEDA8-6F51-4945-B443-438CC987F235", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", matchCriteriaId: "336EC5B8-6FD8-42BB-9530-58A15238CEE1", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "01E6CAD9-DC1F-4C7C-8C8E-98E4BFABAC94", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "E090E7B3-2346-463D-8A0C-8B482500CB42", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", matchCriteriaId: "EA04C9F1-6257-4D82-BA0B-37DE66D94736", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "6359EF76-9371-4418-8694-B604CF02CF63", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_live_patching:12.0:*:*:*:*:*:*:*", matchCriteriaId: "CCAAE4A1-D542-43F3-B7FC-685BCDB248D5", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_module_for_public_cloud:12.0:*:*:*:*:*:*:*", matchCriteriaId: "A961CBC6-3CA1-4A0F-BBE0-8F6315781B7C", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "B2905A9C-3E00-4188-8341-E5C2F62EF405", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:extra:*:*:*:*:*:*", matchCriteriaId: "A8877923-3E50-4F71-B501-E6997894D07E", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "ADE9D807-6690-4D67-A6B3-68BBC9B50153", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", matchCriteriaId: "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "81D94366-47D6-445A-A811-39327B150FCD", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:*:*:*:*:*:*:*", matchCriteriaId: "DF461FB4-8BA5-4065-9A69-DC017D3611C3", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "1F003591-0639-476C-A014-03F06A274880", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*", matchCriteriaId: "C729D5D1-ED95-443A-9F53-5D7C2FD9B80C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.", }, { lang: "es", value: "La función proc_connectinfo en drivers/usb/core/devio.c en el kernel de Linux hasta la versión 4.6 no inicializa una estructura de datos determinada, lo que permite a usuarios locales obtener información sensible del kernel de memoria de pila a través de una llamada USBDEVFS_CONNECTINFO ioctl manipulada.", }, ], id: "CVE-2016-4482", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-23T10:59:00.113", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee", }, { source: "cve@mitre.org", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184414.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2016/05/04/2", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/90029", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3016-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3016-2", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3016-3", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3016-4", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3017-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3017-2", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3017-3", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3018-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3018-2", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3019-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3020-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3021-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3021-2", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1332931", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184414.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2016/05/04/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/90029", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3016-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3016-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3016-3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3016-4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3017-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3017-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3017-3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3018-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3018-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3019-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3020-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3021-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3021-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1332931", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-05-23 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "E9F34BEC-51BF-44FB-8919-029E2E8E5690", versionEndIncluding: "4.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", matchCriteriaId: "E88A537F-F4D0-46B9-9E37-965233C2A355", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "A5FDEDA8-6F51-4945-B443-438CC987F235", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", matchCriteriaId: "336EC5B8-6FD8-42BB-9530-58A15238CEE1", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "01E6CAD9-DC1F-4C7C-8C8E-98E4BFABAC94", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "E090E7B3-2346-463D-8A0C-8B482500CB42", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", matchCriteriaId: "EA04C9F1-6257-4D82-BA0B-37DE66D94736", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "6359EF76-9371-4418-8694-B604CF02CF63", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_live_patching:12.0:*:*:*:*:*:*:*", matchCriteriaId: "CCAAE4A1-D542-43F3-B7FC-685BCDB248D5", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_module_for_public_cloud:12.0:*:*:*:*:*:*:*", matchCriteriaId: "A961CBC6-3CA1-4A0F-BBE0-8F6315781B7C", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "B2905A9C-3E00-4188-8341-E5C2F62EF405", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:extra:*:*:*:*:*:*", matchCriteriaId: "A8877923-3E50-4F71-B501-E6997894D07E", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "ADE9D807-6690-4D67-A6B3-68BBC9B50153", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", matchCriteriaId: "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "81D94366-47D6-445A-A811-39327B150FCD", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:*:*:*:*:*:*:*", matchCriteriaId: "DF461FB4-8BA5-4065-9A69-DC017D3611C3", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "1F003591-0639-476C-A014-03F06A274880", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.", }, { lang: "es", value: "La función snd_timer_user_params en sound/core/timer.c en el kernel de Linux hasta la versión 4.6 no inicializa una estructura de datos determinada, lo que permite a usuarios locales obtener información sensible del kernel de memoria de pila a través del uso manipulado de la interfaz ALSA timer.", }, ], id: "CVE-2016-4569", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-23T10:59:08.097", references: [ { source: "cve@mitre.org", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2016-2574.html", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2016-2584.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2016/05/09/17", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/90347", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-3016-1", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-3016-2", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-3016-3", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-3016-4", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-3017-1", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-3017-2", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-3017-3", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-3018-1", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-3018-2", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-3019-1", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-3020-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3021-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3021-2", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1334643", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/cec8f96e49d9be372fdb0c3836dcf31ec71e457e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-2574.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-2584.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2016/05/09/17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/90347", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-3016-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-3016-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-3016-3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-3016-4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-3017-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-3017-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-3017-3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-3018-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-3018-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-3019-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-3020-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3021-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3021-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1334643", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/cec8f96e49d9be372fdb0c3836dcf31ec71e457e", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-05-02 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "F61E0DB9-4FAB-4B47-91DA-A0FAF09E3747", versionEndIncluding: "4.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "A5FDEDA8-6F51-4945-B443-438CC987F235", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", matchCriteriaId: "336EC5B8-6FD8-42BB-9530-58A15238CEE1", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "01E6CAD9-DC1F-4C7C-8C8E-98E4BFABAC94", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "E090E7B3-2346-463D-8A0C-8B482500CB42", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", matchCriteriaId: "EA04C9F1-6257-4D82-BA0B-37DE66D94736", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "6359EF76-9371-4418-8694-B604CF02CF63", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_live_patching:12.0:*:*:*:*:*:*:*", matchCriteriaId: "CCAAE4A1-D542-43F3-B7FC-685BCDB248D5", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_module_for_public_cloud:12.0:*:*:*:*:*:*:*", matchCriteriaId: "A961CBC6-3CA1-4A0F-BBE0-8F6315781B7C", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "5BFCA0A7-8EB8-4C6F-9039-2B6A224080D3", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "B2905A9C-3E00-4188-8341-E5C2F62EF405", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:extra:*:*:*:*:*:*", matchCriteriaId: "A8877923-3E50-4F71-B501-E6997894D07E", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "ADE9D807-6690-4D67-A6B3-68BBC9B50153", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", matchCriteriaId: "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "81D94366-47D6-445A-A811-39327B150FCD", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:*:*:*:*:*:*:*", matchCriteriaId: "DF461FB4-8BA5-4065-9A69-DC017D3611C3", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "1F003591-0639-476C-A014-03F06A274880", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.", }, { lang: "es", value: "La función powermate_probe en drivers/input/misc/powermate.c en el kernel de Linux en versiones anteriores a 4.5.1 permite a atacantes físicamente próximos provocar una denegación de servicio (referencia a puntero NULL y caída de sistema) a través de un valor de dispositivos finales manipulado en un descriptor de dispositivo USB.", }, ], evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/476.html\">CWE-476: NULL Pointer Dereference</a>", id: "CVE-2016-2186", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 4.9, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-02T10:59:29.863", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9c6ba456711687b794dcf285856fc14e2c76074f", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/bugtraq/2016/Mar/117", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/bugtraq/2016/Mar/85", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "secalert@redhat.com", url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/84337", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2968-1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2968-2", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2969-1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2970-1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2971-1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2971-2", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2971-3", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1317015", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/9c6ba456711687b794dcf285856fc14e2c76074f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9c6ba456711687b794dcf285856fc14e2c76074f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/bugtraq/2016/Mar/117", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/bugtraq/2016/Mar/85", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/84337", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2968-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2968-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2969-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2970-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2971-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2971-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2971-3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1317015", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/9c6ba456711687b794dcf285856fc14e2c76074f", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-06-27 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "931BB6A7-F5B1-4FD9-8F88-511F497C00F5", versionEndExcluding: "3.18.54", versionStartIncluding: "2.6.19", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "8BA17557-AA21-4C60-82B6-E6168D48555F", versionEndExcluding: "4.4.14", versionStartIncluding: "3.19", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "0911A351-61CB-4070-A172-8AD9BC1871AE", versionEndExcluding: "4.6.3", versionStartIncluding: "4.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "A5FDEDA8-6F51-4945-B443-438CC987F235", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", matchCriteriaId: "336EC5B8-6FD8-42BB-9530-58A15238CEE1", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "01E6CAD9-DC1F-4C7C-8C8E-98E4BFABAC94", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "E090E7B3-2346-463D-8A0C-8B482500CB42", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", matchCriteriaId: "EA04C9F1-6257-4D82-BA0B-37DE66D94736", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "6359EF76-9371-4418-8694-B604CF02CF63", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_live_patching:12.0:*:*:*:*:*:*:*", matchCriteriaId: "CCAAE4A1-D542-43F3-B7FC-685BCDB248D5", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_module_for_public_cloud:12:*:*:*:*:*:*:*", matchCriteriaId: "0441632F-40BF-432B-BB1C-6396C726C4F6", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:extra:*:*:*:*:*:*", matchCriteriaId: "A8877923-3E50-4F71-B501-E6997894D07E", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "ADE9D807-6690-4D67-A6B3-68BBC9B50153", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", matchCriteriaId: "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "81D94366-47D6-445A-A811-39327B150FCD", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:*:*:*:*:*:*:*", matchCriteriaId: "DF461FB4-8BA5-4065-9A69-DC017D3611C3", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "1F003591-0639-476C-A014-03F06A274880", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", matchCriteriaId: "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", matchCriteriaId: "E88A537F-F4D0-46B9-9E37-965233C2A355", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.", }, { lang: "es", value: "La función ecryptfs_privileged_open en fs/ecryptfs/kthread.c en el kernel de Linux en versiones anteriores a 4.6.3 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (consumo de memoria de pila) a través de vectores involucrados con llamadas mmap manipuladas para nombres de ruta /proc, que conduce a una página de error recursiva manipulada.", }, ], id: "CVE-2016-1583", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-06-27T10:59:03.330", references: [ { source: "security@ubuntu.com", tags: [ "Vendor Advisory", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87", }, { source: "security@ubuntu.com", tags: [ "Vendor Advisory", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00027.html", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2124.html", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2766.html", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/06/10/8", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/06/22/1", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/91157", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1036763", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2998-1", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2999-1", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3000-1", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3001-1", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3002-1", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3003-1", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3004-1", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3005-1", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3006-1", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3007-1", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3008-1", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2760", }, { source: "security@ubuntu.com", tags: [ "Vendor Advisory", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=836", }, { source: "security@ubuntu.com", tags: [ "Issue Tracking", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1344721", }, { source: "security@ubuntu.com", tags: [ "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b", }, { source: "security@ubuntu.com", tags: [ "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d", }, { source: "security@ubuntu.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/39992/", }, { source: "security@ubuntu.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00027.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2124.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2766.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/06/10/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/06/22/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/91157", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1036763", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2998-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2999-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3000-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3001-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3002-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3003-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3004-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3005-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3006-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3007-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3008-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2760", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=836", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1344721", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/39992/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3", }, ], sourceIdentifier: "security@ubuntu.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-04-27 17:59
Modified
2025-04-12 10:46
Severity ?
Summary
The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "F61E0DB9-4FAB-4B47-91DA-A0FAF09E3747", versionEndIncluding: "4.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "A5FDEDA8-6F51-4945-B443-438CC987F235", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", matchCriteriaId: "336EC5B8-6FD8-42BB-9530-58A15238CEE1", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "E090E7B3-2346-463D-8A0C-8B482500CB42", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", matchCriteriaId: "EA04C9F1-6257-4D82-BA0B-37DE66D94736", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_live_patching:12.0:*:*:*:*:*:*:*", matchCriteriaId: "CCAAE4A1-D542-43F3-B7FC-685BCDB248D5", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_module_for_public_cloud:12.0:*:*:*:*:*:*:*", matchCriteriaId: "A961CBC6-3CA1-4A0F-BBE0-8F6315781B7C", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "5BFCA0A7-8EB8-4C6F-9039-2B6A224080D3", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "B2905A9C-3E00-4188-8341-E5C2F62EF405", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:extra:*:*:*:*:*:*", matchCriteriaId: "A8877923-3E50-4F71-B501-E6997894D07E", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "ADE9D807-6690-4D67-A6B3-68BBC9B50153", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", matchCriteriaId: "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:*:*:*:*:*:*:*", matchCriteriaId: "DF461FB4-8BA5-4065-9A69-DC017D3611C3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.", }, { lang: "es", value: "La función create_fixed_stream_quirk en sound/usb/quirks.c en el controlador snd-usb-audio en el kernel de Linux en versiones anteriores a 4.5.1 permite a atacantes físicamente próximos provocar una denegación de servicio (referencia a puntero NULL o doble libre y caída de sistema) a través de un valor de dispositivo final manipulado en un dispositivo USB descriptor.", }, ], evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/476.html\">CWE-476: NULL Pointer Dereference</a>", id: "CVE-2016-2184", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 4.9, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-04-27T17:59:09.867", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f886ca12765d20124bd06291c82951fd49a33be", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/bugtraq/2016/Mar/102", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/bugtraq/2016/Mar/88", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/bugtraq/2016/Mar/89", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/84340", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2968-1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2968-2", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2969-1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2970-1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2971-1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2971-2", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2971-3", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1317012", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/0f886ca12765d20124bd06291c82951fd49a33be", }, { source: "secalert@redhat.com", url: "https://source.android.com/security/bulletin/2016-11-01.html", }, { source: "secalert@redhat.com", url: "https://www.exploit-db.com/exploits/39555/", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f886ca12765d20124bd06291c82951fd49a33be", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/bugtraq/2016/Mar/102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/bugtraq/2016/Mar/88", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/bugtraq/2016/Mar/89", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/84340", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2968-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2968-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2969-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2970-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2971-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2971-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2971-3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1317012", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/0f886ca12765d20124bd06291c82951fd49a33be", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://source.android.com/security/bulletin/2016-11-01.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/39555/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-05-02 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "F61E0DB9-4FAB-4B47-91DA-A0FAF09E3747", versionEndIncluding: "4.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "A5FDEDA8-6F51-4945-B443-438CC987F235", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", matchCriteriaId: "336EC5B8-6FD8-42BB-9530-58A15238CEE1", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "01E6CAD9-DC1F-4C7C-8C8E-98E4BFABAC94", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "E090E7B3-2346-463D-8A0C-8B482500CB42", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", matchCriteriaId: "EA04C9F1-6257-4D82-BA0B-37DE66D94736", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "6359EF76-9371-4418-8694-B604CF02CF63", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_live_patching:12.0:*:*:*:*:*:*:*", matchCriteriaId: "CCAAE4A1-D542-43F3-B7FC-685BCDB248D5", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_module_for_public_cloud:12.0:*:*:*:*:*:*:*", matchCriteriaId: "A961CBC6-3CA1-4A0F-BBE0-8F6315781B7C", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "5BFCA0A7-8EB8-4C6F-9039-2B6A224080D3", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "B2905A9C-3E00-4188-8341-E5C2F62EF405", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:extra:*:*:*:*:*:*", matchCriteriaId: "A8877923-3E50-4F71-B501-E6997894D07E", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "ADE9D807-6690-4D67-A6B3-68BBC9B50153", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", matchCriteriaId: "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "81D94366-47D6-445A-A811-39327B150FCD", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:*:*:*:*:*:*:*", matchCriteriaId: "DF461FB4-8BA5-4065-9A69-DC017D3611C3", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "1F003591-0639-476C-A014-03F06A274880", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.", }, { lang: "es", value: "La función acm_probe en drivers/usb/class/cdc-acm.c en el kernel de Linux en versiones anteriores a 4.5.1 permite a atacantes físicamente próximos provocar una denegación de servicio (referencia a puntero NULL y caída de sistema) a través de un dispositivo USB sin both a control y a data endpoint descriptor.", }, ], evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/476.html\">CWE-476: NULL Pointer Dereference</a>", id: "CVE-2016-3138", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 4.9, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-02T10:59:37.910", references: [ { source: "security@opentext.com", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8835ba4a39cf53f705417b3b3a94eb067673f2c9", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { source: "security@opentext.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { source: "security@opentext.com", url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "security@opentext.com", url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, { source: "security@opentext.com", url: "http://www.openwall.com/lists/oss-security/2016/03/14/4", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2968-1", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2968-2", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2969-1", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2970-1", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2971-1", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2971-2", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2971-3", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2996-1", }, { source: "security@opentext.com", url: "http://www.ubuntu.com/usn/USN-2997-1", }, { source: "security@opentext.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1316204", }, { source: "security@opentext.com", url: "https://github.com/torvalds/linux/commit/8835ba4a39cf53f705417b3b3a94eb067673f2c9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8835ba4a39cf53f705417b3b3a94eb067673f2c9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2016/03/14/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2968-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2968-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2969-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2970-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2971-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2971-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2971-3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2996-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2997-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1316204", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/torvalds/linux/commit/8835ba4a39cf53f705417b3b3a94eb067673f2c9", }, ], sourceIdentifier: "security@opentext.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-04-27 17:59
Modified
2025-04-12 10:46
Severity ?
Summary
The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 15.10 | |
| novell | suse_linux_enterprise_software_development_kit | 12.0 | |
| novell | suse_linux_enterprise_desktop | 12.0 | |
| novell | suse_linux_enterprise_live_patching | 12.0 | |
| novell | suse_linux_enterprise_module_for_public_cloud | 12.0 | |
| novell | suse_linux_enterprise_real_time_extension | 12.0 | |
| novell | suse_linux_enterprise_server | 12.0 | |
| novell | suse_linux_enterprise_workstation_extension | 12.0 | |
| linux | linux_kernel | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", matchCriteriaId: "E88A537F-F4D0-46B9-9E37-965233C2A355", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", matchCriteriaId: "336EC5B8-6FD8-42BB-9530-58A15238CEE1", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", matchCriteriaId: "EA04C9F1-6257-4D82-BA0B-37DE66D94736", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_live_patching:12.0:*:*:*:*:*:*:*", matchCriteriaId: "CCAAE4A1-D542-43F3-B7FC-685BCDB248D5", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_module_for_public_cloud:12.0:*:*:*:*:*:*:*", matchCriteriaId: "A961CBC6-3CA1-4A0F-BBE0-8F6315781B7C", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "B2905A9C-3E00-4188-8341-E5C2F62EF405", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", matchCriteriaId: "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:*:*:*:*:*:*:*", matchCriteriaId: "DF461FB4-8BA5-4065-9A69-DC017D3611C3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "8E93DE20-F6CD-4B8B-836D-7844A2697466", versionEndIncluding: "4.5.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.", }, { lang: "es", value: "La función arch_pick_mmap_layout en arch/x86/mm/mmap.c en el kernel de Linux hasta la versión 4.5.2 no maneja de forma aleatoria el legado de la dirección base, lo que hace más fácil a usuarios locales romper las restricciones destinadas en los indicadores ADDR_NO_RANDOMIZE, y eludir el mecanismo de protección ASLR para programas setuid o setid, deshabilitando los límites de recursos del consumo de pila.", }, ], id: "CVE-2016-3672", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-04-27T17:59:27.397", references: [ { source: "cve@mitre.org", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b8addf891de8a00e4d39fc32f93f7c5eb8feceb", }, { source: "cve@mitre.org", url: "http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-dis", }, { source: "cve@mitre.org", url: "http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html", }, { source: "cve@mitre.org", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182524.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { source: "cve@mitre.org", url: "http://seclists.org/fulldisclosure/2016/Apr/26", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/537996/100/0/threaded", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/85884", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1035506", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2989-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2998-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3000-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3001-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3002-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3003-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3004-1", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2018:0676", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2018:1062", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1324749", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/8b8addf891de8a00e4d39fc32f93f7c5eb8feceb", }, { source: "cve@mitre.org", url: "https://www.exploit-db.com/exploits/39669/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b8addf891de8a00e4d39fc32f93f7c5eb8feceb", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-dis", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182524.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2016/Apr/26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/537996/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/85884", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1035506", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2989-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2996-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2997-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2998-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3000-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3001-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3002-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3003-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3004-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2018:0676", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2018:1062", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1324749", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/8b8addf891de8a00e4d39fc32f93f7c5eb8feceb", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/39669/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-254", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-05-23 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:-:*:*:*:*:*:*", matchCriteriaId: "5767DAFA-095A-45F6-BCFD-0F0FE10CC0F2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_workstation_extension:12.0:-:*:*:*:*:*:*", matchCriteriaId: "59F75102-8532-4F54-9E0B-EC65EC294956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_module_for_public_cloud:12.0:-:*:*:*:*:*:*", matchCriteriaId: "D7DA4C2F-8A24-4618-AF74-6B1772423147", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "ADE9D807-6690-4D67-A6B3-68BBC9B50153", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_module_for_public_cloud:12.0:-:*:*:*:*:*:*", matchCriteriaId: "D7DA4C2F-8A24-4618-AF74-6B1772423147", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:novell:opensuse_leap:42.1:*:*:*:*:*:*:*", matchCriteriaId: "8FB8F4ED-D00F-4BE4-9EA9-B4C0A09CF681", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "A5FDEDA8-6F51-4945-B443-438CC987F235", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", matchCriteriaId: "F5D324C4-97C7-49D3-A809-9EAD4B690C69", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "4C4DFE87-2B4C-4B51-B7C8-AC7D57F14A60", versionEndExcluding: "3.2.80", versionStartIncluding: "2.6.30", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "0F147711-AD8B-484D-8393-5BCFC6C59EC3", versionEndExcluding: "3.10.102", versionStartIncluding: "3.3", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "584CA2EF-2339-4C1A-93C3-464EB59A2D76", versionEndExcluding: "3.12.59", versionStartIncluding: "3.11", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "3D15B81D-86E5-4DCD-B9D6-8E1B363C890B", versionEndExcluding: "3.14.67", versionStartIncluding: "3.13", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "7DC4BA70-B111-4D2E-BC78-6601CED68F08", versionEndExcluding: "3.16.35", versionStartIncluding: "3.15", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "B55F09A2-F470-41BA-9585-40E8C1960ABA", versionEndExcluding: "3.18.37", versionStartIncluding: "3.17", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "2BACB680-D42D-4EFF-9B8B-121AA348DB7A", versionEndExcluding: "4.1.28", versionStartIncluding: "3.19", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "824C5EA8-82AC-4C0A-AC84-7EDDF4D78C5E", versionEndExcluding: "4.4.8", versionStartIncluding: "4.2", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "44B0678C-60EC-4992-893A-7C76EEE0E0B5", versionEndExcluding: "4.5.2", versionStartIncluding: "4.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:-:*:*:*:*:*:*", matchCriteriaId: "2C5269FF-3D79-4D5F-BF2C-E76F3C2904AA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "E8CF34B9-B384-4297-9B83-57A520E39131", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:-:*:*:*:*:*:*", matchCriteriaId: "1B097F99-D0D7-4B32-9E1A-BE5E653CFA7C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "6359EF76-9371-4418-8694-B604CF02CF63", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*", matchCriteriaId: "CC7A498A-A669-4C42-8134-86103C799D13", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "5BFCA0A7-8EB8-4C6F-9039-2B6A224080D3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "81D94366-47D6-445A-A811-39327B150FCD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "B2905A9C-3E00-4188-8341-E5C2F62EF405", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "01E6CAD9-DC1F-4C7C-8C8E-98E4BFABAC94", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_live_patching:12.0:-:*:*:*:*:*:*", matchCriteriaId: "87992023-1565-477A-BB3C-CC582E8BDEBE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.", }, { lang: "es", value: "Vulnerabilidad de uso después de liberación de memoria en drivers/net/ppp/ppp_generic.c en el kernel de Linux en versiones anteriores a 4.5.2 permite a usuarios locales provocar una denegación de servicio (corrupción de memoria y caída de sistema o spinlock) o posiblemente tener otro impacto no especificado eliminando una red namespace, relacionado con las funciones ppp_register_net_channel y ppp_unregister_channel.", }, ], id: "CVE-2016-4805", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-23T10:59:13.443", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Release Notes", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Release Notes", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Release Notes", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/05/15/2", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/90605", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1036763", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3021-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3021-2", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1335803", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/1f461dcdd296eecedaffffc6bae2bfa90bd7eb89", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Release Notes", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Release Notes", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Release Notes", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3607", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/05/15/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/90605", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1036763", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3021-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3021-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1335803", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/1f461dcdd296eecedaffffc6bae2bfa90bd7eb89", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }