Lucene search

[email protected]NVD:CVE-2016-3951

HistoryMay 02, 2016 - 10:59 a.m.

CVE-2016-3951

2016-05-0210:59:41

[email protected]

web.nvd.nist.gov

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.3%

JSON

Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor.

Affected configurations

NVD

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch15.10

Node

novellsuse_linux_enterprise_software_development_kitMatch12.0sp1

susesuse_linux_enterprise_software_development_kitMatch12.0

novellsuse_linux_enterprise_desktopMatch12

novellsuse_linux_enterprise_desktopMatch12sp1

novellsuse_linux_enterprise_live_patchingMatch12.0

novellsuse_linux_enterprise_module_for_public_cloudMatch12

novellsuse_linux_enterprise_real_time_extensionMatch12sp1

novellsuse_linux_enterprise_serverMatch12.0

novellsuse_linux_enterprise_serverMatch12.0sp1

novellsuse_linux_enterprise_workstation_extensionMatch12.0

novellsuse_linux_enterprise_workstation_extensionMatch12.0sp1

Node

linuxlinux_kernelMatch4.5.0rc7

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1666984c8625b3db19a9abc298931d35ab7bc64b

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4d06dd537f95683aba3651098ae288b7cbff8274

lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html

www.debian.org/security/2016/dsa-3607

www.openwall.com/lists/oss-security/2016/04/06/4

www.securityfocus.com/bid/91028

www.securitytracker.com/id/1036763

www.ubuntu.com/usn/USN-2989-1

www.ubuntu.com/usn/USN-2998-1

www.ubuntu.com/usn/USN-3000-1

www.ubuntu.com/usn/USN-3001-1

www.ubuntu.com/usn/USN-3002-1

www.ubuntu.com/usn/USN-3003-1

www.ubuntu.com/usn/USN-3004-1

www.ubuntu.com/usn/USN-3021-1

www.ubuntu.com/usn/USN-3021-2

bugzilla.redhat.com/show_bug.cgi?id=1324782

github.com/torvalds/linux/commit/1666984c8625b3db19a9abc298931d35ab7bc64b

github.com/torvalds/linux/commit/4d06dd537f95683aba3651098ae288b7cbff8274

www.spinics.net/lists/netdev/msg367669.html

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.3%

JSON

Related for NVD:CVE-2016-3951

cve1 android1 debiancve1 prion1 ubuntucve1 cvelist1 fedora2 openvas24 nessus30 ubuntu13 suse5 cloudfoundry1 oraclelinux1 osv2 debian3 androidsecurity1