Lucene search

[email protected]CVE-2016-2782

HistoryApr 27, 2016 - 5:59 p.m.

CVE-2016-2782

2016-04-2717:59:20

CWE-476

[email protected]

web.nvd.nist.gov

cve-2016-2782

linux kernel

usb

null pointer

denial of service

nvd

security vulnerability

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.1 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.2%

JSON

The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.

Affected configurations

NVD

Node

linuxlinux_kernelRange<4.5.0

linuxlinux_kernelMatch4.5.0rc1

Node

suselinux_enterprise_debuginfoMatch11sp2

suselinux_enterprise_debuginfoMatch11sp4

suselinux_enterprise_module_for_public_cloudMatch12

suselinux_enterprise_desktopMatch12-

suselinux_enterprise_desktopMatch12sp1

suselinux_enterprise_real_time_extensionMatch11sp4

suselinux_enterprise_real_time_extensionMatch12sp1

suselinux_enterprise_serverMatch11sp2ltss

suselinux_enterprise_serverMatch11sp4

suselinux_enterprise_serverMatch12-

suselinux_enterprise_serverMatch12sp1

suselinux_enterprise_software_development_kitMatch11sp4

suselinux_enterprise_software_development_kitMatch12-

suselinux_enterprise_software_development_kitMatch12sp1

suselinux_enterprise_workstation_extensionMatch12

suselinux_enterprise_workstation_extensionMatch12sp1

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt4.5.0

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	lt	4.5.0

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0

lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html

www.openwall.com/lists/oss-security/2016/02/28/9

www.ubuntu.com/usn/USN-2929-1

www.ubuntu.com/usn/USN-2929-2

www.ubuntu.com/usn/USN-2930-1

www.ubuntu.com/usn/USN-2930-2

www.ubuntu.com/usn/USN-2930-3

www.ubuntu.com/usn/USN-2932-1

www.ubuntu.com/usn/USN-2948-1

www.ubuntu.com/usn/USN-2948-2

www.ubuntu.com/usn/USN-2967-1

www.ubuntu.com/usn/USN-2967-2

bugzilla.redhat.com/show_bug.cgi?id=1312670

github.com/torvalds/linux/commit/cac9b50b0d75a1d50d6c056ff65c005f3224c8e0

www.exploit-db.com/exploits/39539/

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.1 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.2%

JSON

Related for CVE-2016-2782

zdt1 prion1 nvd1 packetstorm2 exploitpack1 cvelist1 ubuntucve1 debiancve1 exploitdb1 nessus25 ubuntu10 openvas19 suse9 cloudfoundry1 oraclelinux2