Search criteria
48 vulnerabilities found for suse_linux_enterprise_debuginfo by novell
CVE-2015-6815 (GCVE-0-2015-6815)
Vulnerability from nvd – Published: 2020-01-31 21:38 – Updated: 2024-08-06 07:29
VLAI?
Summary
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Other
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:29:24.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2745-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/04/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/05/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260076"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "QEMU",
"versions": [
{
"status": "affected",
"version": "before 2.4.0.1"
}
]
}
],
"datePublic": "2015-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T17:01:12",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ubuntu.com/usn/USN-2745-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/04/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/05/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260076"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-6815",
"datePublished": "2020-01-31T21:38:47",
"dateReserved": "2015-09-05T00:00:00",
"dateUpdated": "2024-08-06T07:29:24.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1583 (GCVE-0-2016-1583)
Vulnerability from nvd – Published: 2016-06-27 10:00 – Updated: 2024-08-05 23:02
VLAI?
Summary
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:11.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3006-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3006-1"
},
{
"name": "USN-3004-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3004-1"
},
{
"name": "SUSE-SU-2016:2010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d"
},
{
"name": "RHSA-2016:2766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2766.html"
},
{
"name": "USN-3001-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3001-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d"
},
{
"name": "SUSE-SU-2016:1994",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
},
{
"name": "39992",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39992/"
},
{
"name": "SUSE-SU-2016:1961",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
},
{
"name": "USN-3005-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3005-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=836"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "91157",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91157"
},
{
"name": "openSUSE-SU-2016:2184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "USN-2999-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2999-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87"
},
{
"name": "SUSE-SU-2016:2006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
},
{
"name": "[oss-security] 20160610 [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/10/8"
},
{
"name": "SUSE-SU-2016:2014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
},
{
"name": "openSUSE-SU-2016:1641",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "USN-3000-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "1036763",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036763"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87"
},
{
"name": "USN-3002-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3002-1"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "SUSE-SU-2016:2009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
},
{
"name": "SUSE-SU-2016:1596",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00027.html"
},
{
"name": "RHSA-2017:2760",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2760"
},
{
"name": "SUSE-SU-2016:2005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
},
{
"name": "SUSE-SU-2016:2007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
},
{
"name": "USN-3007-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3007-1"
},
{
"name": "SUSE-SU-2016:2000",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
},
{
"name": "RHSA-2016:2124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2124.html"
},
{
"name": "USN-3003-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3003-1"
},
{
"name": "SUSE-SU-2016:1995",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
},
{
"name": "SUSE-SU-2016:2105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "[oss-security] 20160622 Re: [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/22/1"
},
{
"name": "SUSE-SU-2016:2002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344721"
},
{
"name": "USN-2998-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2998-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html"
},
{
"name": "USN-3008-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3008-1"
},
{
"name": "SUSE-SU-2016:1937",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-06T21:57:01",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "USN-3006-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3006-1"
},
{
"name": "USN-3004-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3004-1"
},
{
"name": "SUSE-SU-2016:2010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d"
},
{
"name": "RHSA-2016:2766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2766.html"
},
{
"name": "USN-3001-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3001-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d"
},
{
"name": "SUSE-SU-2016:1994",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
},
{
"name": "39992",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/39992/"
},
{
"name": "SUSE-SU-2016:1961",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
},
{
"name": "USN-3005-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3005-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=836"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "91157",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91157"
},
{
"name": "openSUSE-SU-2016:2184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "USN-2999-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2999-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87"
},
{
"name": "SUSE-SU-2016:2006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
},
{
"name": "[oss-security] 20160610 [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/10/8"
},
{
"name": "SUSE-SU-2016:2014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
},
{
"name": "openSUSE-SU-2016:1641",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "USN-3000-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "1036763",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036763"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87"
},
{
"name": "USN-3002-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3002-1"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "SUSE-SU-2016:2009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
},
{
"name": "SUSE-SU-2016:1596",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00027.html"
},
{
"name": "RHSA-2017:2760",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2760"
},
{
"name": "SUSE-SU-2016:2005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
},
{
"name": "SUSE-SU-2016:2007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
},
{
"name": "USN-3007-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3007-1"
},
{
"name": "SUSE-SU-2016:2000",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
},
{
"name": "RHSA-2016:2124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2124.html"
},
{
"name": "USN-3003-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3003-1"
},
{
"name": "SUSE-SU-2016:1995",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
},
{
"name": "SUSE-SU-2016:2105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "[oss-security] 20160622 Re: [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/22/1"
},
{
"name": "SUSE-SU-2016:2002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344721"
},
{
"name": "USN-2998-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2998-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html"
},
{
"name": "USN-3008-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3008-1"
},
{
"name": "SUSE-SU-2016:1937",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2016-1583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3006-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3006-1"
},
{
"name": "USN-3004-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3004-1"
},
{
"name": "SUSE-SU-2016:2010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
},
{
"name": "https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d"
},
{
"name": "RHSA-2016:2766",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2766.html"
},
{
"name": "USN-3001-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3001-1"
},
{
"name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3",
"refsource": "CONFIRM",
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3"
},
{
"name": "SUSE-SU-2016:1696",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d"
},
{
"name": "SUSE-SU-2016:1994",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
},
{
"name": "39992",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39992/"
},
{
"name": "SUSE-SU-2016:1961",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
},
{
"name": "USN-3005-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3005-1"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=836",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=836"
},
{
"name": "SUSE-SU-2016:1985",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "91157",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91157"
},
{
"name": "openSUSE-SU-2016:2184",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "USN-2999-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2999-1"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87"
},
{
"name": "SUSE-SU-2016:2006",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
},
{
"name": "[oss-security] 20160610 [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/10/8"
},
{
"name": "SUSE-SU-2016:2014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
},
{
"name": "openSUSE-SU-2016:1641",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "USN-2997-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "USN-3000-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name": "https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "1036763",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036763"
},
{
"name": "https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87"
},
{
"name": "USN-3002-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3002-1"
},
{
"name": "USN-2996-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "SUSE-SU-2016:2009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
},
{
"name": "SUSE-SU-2016:1596",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00027.html"
},
{
"name": "RHSA-2017:2760",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2760"
},
{
"name": "SUSE-SU-2016:2005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
},
{
"name": "SUSE-SU-2016:2007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
},
{
"name": "USN-3007-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3007-1"
},
{
"name": "SUSE-SU-2016:2000",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
},
{
"name": "RHSA-2016:2124",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2124.html"
},
{
"name": "USN-3003-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3003-1"
},
{
"name": "SUSE-SU-2016:1995",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
},
{
"name": "SUSE-SU-2016:2105",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "[oss-security] 20160622 Re: [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/22/1"
},
{
"name": "SUSE-SU-2016:2002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1344721",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344721"
},
{
"name": "USN-2998-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2998-1"
},
{
"name": "http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html"
},
{
"name": "USN-3008-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3008-1"
},
{
"name": "SUSE-SU-2016:1937",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2016-1583",
"datePublished": "2016-06-27T10:00:00",
"dateReserved": "2016-01-12T00:00:00",
"dateUpdated": "2024-08-05T23:02:11.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4913 (GCVE-0-2016-4913)
Vulnerability from nvd – Published: 2016-05-23 10:00 – Updated: 2024-08-06 00:46
VLAI?
Summary
The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:39.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:3083",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/99d825822eade8d827a1817357cbf3f889a552d6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "USN-3017-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3017-1"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "USN-3017-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3017-3"
},
{
"name": "USN-3018-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3018-2"
},
{
"name": "USN-3021-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3021-2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1337528"
},
{
"name": "USN-3017-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3017-2"
},
{
"name": "USN-3019-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3019-1"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3016-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3016-2"
},
{
"name": "USN-3016-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3016-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-3021-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3021-1"
},
{
"name": "[oss-security] 20160518 Re: CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/18/5"
},
{
"name": "USN-3018-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3018-1"
},
{
"name": "[oss-security] 20160518 CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/18/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"name": "90730",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90730"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6"
},
{
"name": "USN-3016-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3016-3"
},
{
"name": "USN-3016-4",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3016-4"
},
{
"name": "RHSA-2018:3096",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name": "USN-3020-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3020-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \\0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-31T09:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "RHSA-2018:3083",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/99d825822eade8d827a1817357cbf3f889a552d6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "USN-3017-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3017-1"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "USN-3017-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3017-3"
},
{
"name": "USN-3018-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3018-2"
},
{
"name": "USN-3021-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3021-2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1337528"
},
{
"name": "USN-3017-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3017-2"
},
{
"name": "USN-3019-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3019-1"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3016-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3016-2"
},
{
"name": "USN-3016-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3016-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-3021-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3021-1"
},
{
"name": "[oss-security] 20160518 Re: CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/18/5"
},
{
"name": "USN-3018-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3018-1"
},
{
"name": "[oss-security] 20160518 CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/18/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"name": "90730",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90730"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6"
},
{
"name": "USN-3016-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3016-3"
},
{
"name": "USN-3016-4",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3016-4"
},
{
"name": "RHSA-2018:3096",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name": "USN-3020-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3020-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-4913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \\0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:3083",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"name": "https://github.com/torvalds/linux/commit/99d825822eade8d827a1817357cbf3f889a552d6",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/99d825822eade8d827a1817357cbf3f889a552d6"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "USN-3017-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3017-1"
},
{
"name": "SUSE-SU-2016:1985",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "USN-3017-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3017-3"
},
{
"name": "USN-3018-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3018-2"
},
{
"name": "USN-3021-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3021-2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1337528",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1337528"
},
{
"name": "USN-3017-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3017-2"
},
{
"name": "USN-3019-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3019-1"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3016-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-2"
},
{
"name": "USN-3016-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-1"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-3021-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3021-1"
},
{
"name": "[oss-security] 20160518 Re: CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/18/5"
},
{
"name": "USN-3018-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3018-1"
},
{
"name": "[oss-security] 20160518 CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/18/3"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"name": "90730",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90730"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6"
},
{
"name": "USN-3016-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-3"
},
{
"name": "USN-3016-4",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-4"
},
{
"name": "RHSA-2018:3096",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name": "USN-3020-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3020-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-4913",
"datePublished": "2016-05-23T10:00:00",
"dateReserved": "2016-05-18T00:00:00",
"dateUpdated": "2024-08-06T00:46:39.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4569 (GCVE-0-2016-4569)
Vulnerability from nvd – Published: 2016-05-23 10:00 – Updated: 2024-08-06 00:32
VLAI?
Summary
The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:26.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-3017-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3017-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "[oss-security] 20160509 Re: CVE Request: kernel information leak vulnerability in Linux sound module",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/09/17"
},
{
"name": "USN-3017-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3017-3"
},
{
"name": "openSUSE-SU-2016:2184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "USN-3018-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3018-2"
},
{
"name": "USN-3021-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3021-2"
},
{
"name": "USN-3017-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3017-2"
},
{
"name": "RHSA-2016:2584",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334643"
},
{
"name": "RHSA-2016:2574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
"name": "USN-3019-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3019-1"
},
{
"name": "openSUSE-SU-2016:1641",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/cec8f96e49d9be372fdb0c3836dcf31ec71e457e"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3016-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3016-2"
},
{
"name": "USN-3016-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3016-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-3021-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3021-1"
},
{
"name": "USN-3018-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3018-1"
},
{
"name": "90347",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90347"
},
{
"name": "SUSE-SU-2016:2105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "USN-3016-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3016-3"
},
{
"name": "USN-3016-4",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3016-4"
},
{
"name": "USN-3020-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3020-1"
},
{
"name": "SUSE-SU-2016:1937",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-3017-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3017-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "[oss-security] 20160509 Re: CVE Request: kernel information leak vulnerability in Linux sound module",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/09/17"
},
{
"name": "USN-3017-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3017-3"
},
{
"name": "openSUSE-SU-2016:2184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "USN-3018-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3018-2"
},
{
"name": "USN-3021-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3021-2"
},
{
"name": "USN-3017-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3017-2"
},
{
"name": "RHSA-2016:2584",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334643"
},
{
"name": "RHSA-2016:2574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
"name": "USN-3019-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3019-1"
},
{
"name": "openSUSE-SU-2016:1641",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/cec8f96e49d9be372fdb0c3836dcf31ec71e457e"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3016-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3016-2"
},
{
"name": "USN-3016-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3016-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-3021-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3021-1"
},
{
"name": "USN-3018-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3018-1"
},
{
"name": "90347",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90347"
},
{
"name": "SUSE-SU-2016:2105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "USN-3016-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3016-3"
},
{
"name": "USN-3016-4",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3016-4"
},
{
"name": "USN-3020-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3020-1"
},
{
"name": "SUSE-SU-2016:1937",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2016:1690",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "SUSE-SU-2016:1696",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-3017-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3017-1"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e"
},
{
"name": "SUSE-SU-2016:1985",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "[oss-security] 20160509 Re: CVE Request: kernel information leak vulnerability in Linux sound module",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/09/17"
},
{
"name": "USN-3017-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3017-3"
},
{
"name": "openSUSE-SU-2016:2184",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "USN-3018-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3018-2"
},
{
"name": "USN-3021-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3021-2"
},
{
"name": "USN-3017-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3017-2"
},
{
"name": "RHSA-2016:2584",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1334643",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334643"
},
{
"name": "RHSA-2016:2574",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
"name": "USN-3019-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3019-1"
},
{
"name": "openSUSE-SU-2016:1641",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "https://github.com/torvalds/linux/commit/cec8f96e49d9be372fdb0c3836dcf31ec71e457e",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/cec8f96e49d9be372fdb0c3836dcf31ec71e457e"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3016-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-2"
},
{
"name": "USN-3016-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-1"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-3021-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3021-1"
},
{
"name": "USN-3018-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3018-1"
},
{
"name": "90347",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90347"
},
{
"name": "SUSE-SU-2016:2105",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "USN-3016-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-3"
},
{
"name": "USN-3016-4",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-4"
},
{
"name": "USN-3020-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3020-1"
},
{
"name": "SUSE-SU-2016:1937",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4569",
"datePublished": "2016-05-23T10:00:00",
"dateReserved": "2016-05-09T00:00:00",
"dateUpdated": "2024-08-06T00:32:26.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4486 (GCVE-0-2016-4486)
Vulnerability from nvd – Published: 2016-05-23 10:00 – Updated: 2024-08-06 00:32
VLAI?
Summary
The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "USN-3006-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3006-1"
},
{
"name": "USN-3004-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3004-1"
},
{
"name": "USN-3001-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3001-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333316"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/5f8e44741f9f216e33736ea4ec65ca9ac03036e6"
},
{
"name": "90051",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90051"
},
{
"name": "USN-3005-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3005-1"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "openSUSE-SU-2016:2184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "46006",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46006/"
},
{
"name": "openSUSE-SU-2016:1641",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "USN-3000-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3002-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3002-1"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2989-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2989-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6"
},
{
"name": "USN-3007-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3007-1"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"
},
{
"name": "USN-3003-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3003-1"
},
{
"name": "SUSE-SU-2016:2105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "USN-2998-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2998-1"
},
{
"name": "[oss-security] 20160504 CVE Request: kernel information leak vulnerability in rtnetlink",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/04/27"
},
{
"name": "SUSE-SU-2016:1937",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-20T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "USN-3006-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3006-1"
},
{
"name": "USN-3004-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3004-1"
},
{
"name": "USN-3001-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3001-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333316"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/5f8e44741f9f216e33736ea4ec65ca9ac03036e6"
},
{
"name": "90051",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90051"
},
{
"name": "USN-3005-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3005-1"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "openSUSE-SU-2016:2184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "46006",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46006/"
},
{
"name": "openSUSE-SU-2016:1641",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "USN-3000-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3002-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3002-1"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2989-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2989-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6"
},
{
"name": "USN-3007-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3007-1"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"
},
{
"name": "USN-3003-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3003-1"
},
{
"name": "SUSE-SU-2016:2105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "USN-2998-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2998-1"
},
{
"name": "[oss-security] 20160504 CVE Request: kernel information leak vulnerability in rtnetlink",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/04/27"
},
{
"name": "SUSE-SU-2016:1937",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2016:1690",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "USN-3006-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3006-1"
},
{
"name": "USN-3004-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3004-1"
},
{
"name": "USN-3001-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3001-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1333316",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333316"
},
{
"name": "SUSE-SU-2016:1696",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "https://github.com/torvalds/linux/commit/5f8e44741f9f216e33736ea4ec65ca9ac03036e6",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/5f8e44741f9f216e33736ea4ec65ca9ac03036e6"
},
{
"name": "90051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90051"
},
{
"name": "USN-3005-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3005-1"
},
{
"name": "SUSE-SU-2016:1985",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "openSUSE-SU-2016:2184",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "46006",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46006/"
},
{
"name": "openSUSE-SU-2016:1641",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "USN-2997-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "USN-3000-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3002-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3002-1"
},
{
"name": "USN-2996-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2989-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2989-1"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6"
},
{
"name": "USN-3007-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3007-1"
},
{
"name": "SUSE-SU-2016:2074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"
},
{
"name": "USN-3003-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3003-1"
},
{
"name": "SUSE-SU-2016:2105",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "USN-2998-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2998-1"
},
{
"name": "[oss-security] 20160504 CVE Request: kernel information leak vulnerability in rtnetlink",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/04/27"
},
{
"name": "SUSE-SU-2016:1937",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4486",
"datePublished": "2016-05-23T10:00:00",
"dateReserved": "2016-05-04T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4485 (GCVE-0-2016-4485)
Vulnerability from nvd – Published: 2016-05-23 10:00 – Updated: 2024-08-06 00:32
VLAI?
Summary
The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3006-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3006-1"
},
{
"name": "USN-3004-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3004-1"
},
{
"name": "USN-3001-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3001-1"
},
{
"name": "[oss-security] 20160503 CVE Request: kernel information leak vulnerability in llc module",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/04/26"
},
{
"name": "USN-3005-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3005-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b8670c09f37bdf2847cc44f36511a53afc6161fd"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "openSUSE-SU-2016:1641",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "USN-3000-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333309"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3002-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3002-1"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/b8670c09f37bdf2847cc44f36511a53afc6161fd"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2989-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2989-1"
},
{
"name": "USN-3007-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3007-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"
},
{
"name": "90015",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90015"
},
{
"name": "USN-3003-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3003-1"
},
{
"name": "USN-2998-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2998-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3006-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3006-1"
},
{
"name": "USN-3004-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3004-1"
},
{
"name": "USN-3001-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3001-1"
},
{
"name": "[oss-security] 20160503 CVE Request: kernel information leak vulnerability in llc module",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/04/26"
},
{
"name": "USN-3005-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3005-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b8670c09f37bdf2847cc44f36511a53afc6161fd"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "openSUSE-SU-2016:1641",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "USN-3000-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333309"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3002-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3002-1"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/b8670c09f37bdf2847cc44f36511a53afc6161fd"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2989-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2989-1"
},
{
"name": "USN-3007-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3007-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"
},
{
"name": "90015",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90015"
},
{
"name": "USN-3003-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3003-1"
},
{
"name": "USN-2998-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2998-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3006-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3006-1"
},
{
"name": "USN-3004-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3004-1"
},
{
"name": "USN-3001-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3001-1"
},
{
"name": "[oss-security] 20160503 CVE Request: kernel information leak vulnerability in llc module",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/04/26"
},
{
"name": "USN-3005-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3005-1"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b8670c09f37bdf2847cc44f36511a53afc6161fd",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b8670c09f37bdf2847cc44f36511a53afc6161fd"
},
{
"name": "SUSE-SU-2016:1985",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "openSUSE-SU-2016:1641",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "USN-2997-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "USN-3000-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1333309",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333309"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3002-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3002-1"
},
{
"name": "USN-2996-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "https://github.com/torvalds/linux/commit/b8670c09f37bdf2847cc44f36511a53afc6161fd",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/b8670c09f37bdf2847cc44f36511a53afc6161fd"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2989-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2989-1"
},
{
"name": "USN-3007-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3007-1"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"
},
{
"name": "90015",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90015"
},
{
"name": "USN-3003-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3003-1"
},
{
"name": "USN-2998-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2998-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4485",
"datePublished": "2016-05-23T10:00:00",
"dateReserved": "2016-05-04T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4482 (GCVE-0-2016-4482)
Vulnerability from nvd – Published: 2016-05-23 10:00 – Updated: 2024-08-06 00:32
VLAI?
Summary
The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "90029",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90029"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332931"
},
{
"name": "USN-3017-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3017-1"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "USN-3017-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3017-3"
},
{
"name": "openSUSE-SU-2016:2184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "USN-3018-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3018-2"
},
{
"name": "USN-3021-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3021-2"
},
{
"name": "USN-3017-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3017-2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee"
},
{
"name": "USN-3019-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3019-1"
},
{
"name": "openSUSE-SU-2016:1641",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3016-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3016-2"
},
{
"name": "USN-3016-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3016-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-3021-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3021-1"
},
{
"name": "USN-3018-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3018-1"
},
{
"name": "[oss-security] 20160503 CVE Request: information leak in devio of Linux kernel",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/04/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee"
},
{
"name": "FEDORA-2016-4ce97823af",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184414.html"
},
{
"name": "SUSE-SU-2016:2105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "USN-3016-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3016-3"
},
{
"name": "USN-3016-4",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3016-4"
},
{
"name": "USN-3020-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3020-1"
},
{
"name": "SUSE-SU-2016:1937",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "90029",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90029"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332931"
},
{
"name": "USN-3017-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3017-1"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "USN-3017-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3017-3"
},
{
"name": "openSUSE-SU-2016:2184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "USN-3018-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3018-2"
},
{
"name": "USN-3021-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3021-2"
},
{
"name": "USN-3017-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3017-2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee"
},
{
"name": "USN-3019-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3019-1"
},
{
"name": "openSUSE-SU-2016:1641",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3016-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3016-2"
},
{
"name": "USN-3016-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3016-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-3021-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3021-1"
},
{
"name": "USN-3018-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3018-1"
},
{
"name": "[oss-security] 20160503 CVE Request: information leak in devio of Linux kernel",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/04/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee"
},
{
"name": "FEDORA-2016-4ce97823af",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184414.html"
},
{
"name": "SUSE-SU-2016:2105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "USN-3016-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3016-3"
},
{
"name": "USN-3016-4",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3016-4"
},
{
"name": "USN-3020-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3020-1"
},
{
"name": "SUSE-SU-2016:1937",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2016:1690",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "90029",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90029"
},
{
"name": "SUSE-SU-2016:1696",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332931",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332931"
},
{
"name": "USN-3017-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3017-1"
},
{
"name": "SUSE-SU-2016:1985",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "USN-3017-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3017-3"
},
{
"name": "openSUSE-SU-2016:2184",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "USN-3018-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3018-2"
},
{
"name": "USN-3021-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3021-2"
},
{
"name": "USN-3017-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3017-2"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee"
},
{
"name": "USN-3019-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3019-1"
},
{
"name": "openSUSE-SU-2016:1641",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3016-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-2"
},
{
"name": "USN-3016-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-1"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-3021-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3021-1"
},
{
"name": "USN-3018-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3018-1"
},
{
"name": "[oss-security] 20160503 CVE Request: information leak in devio of Linux kernel",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/04/2"
},
{
"name": "https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee"
},
{
"name": "FEDORA-2016-4ce97823af",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184414.html"
},
{
"name": "SUSE-SU-2016:2105",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "USN-3016-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-3"
},
{
"name": "USN-3016-4",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-4"
},
{
"name": "USN-3020-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3020-1"
},
{
"name": "SUSE-SU-2016:1937",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4482",
"datePublished": "2016-05-23T10:00:00",
"dateReserved": "2016-05-04T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3140 (GCVE-0-2016-3140)
Vulnerability from nvd – Published: 2016-05-02 10:00 – Updated: 2024-08-05 23:47
VLAI?
Summary
The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:57.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2971-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "39537",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39537/"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316995"
},
{
"name": "USN-2968-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "USN-2971-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "USN-3000-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f"
},
{
"name": "SUSE-SU-2016:1707",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name": "openSUSE-SU-2016:1382",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
},
{
"name": "84304",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84304"
},
{
"name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (digi_acceleport driver)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/14/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:57",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "USN-2971-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "39537",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/39537/"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316995"
},
{
"name": "USN-2968-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "USN-2971-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "USN-3000-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f"
},
{
"name": "SUSE-SU-2016:1707",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name": "openSUSE-SU-2016:1382",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
},
{
"name": "84304",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84304"
},
{
"name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (digi_acceleport driver)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/14/6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"ID": "CVE-2016-3140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2971-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "39537",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39537/"
},
{
"name": "SUSE-SU-2016:1696",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1316995",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316995"
},
{
"name": "USN-2968-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "USN-2971-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "USN-3000-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "https://github.com/torvalds/linux/commit/5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f"
},
{
"name": "SUSE-SU-2016:1707",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name": "openSUSE-SU-2016:1382",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
},
{
"name": "84304",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84304"
},
{
"name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (digi_acceleport driver)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/03/14/6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-3140",
"datePublished": "2016-05-02T10:00:00",
"dateReserved": "2016-03-13T00:00:00",
"dateUpdated": "2024-08-05T23:47:57.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3138 (GCVE-0-2016-3138)
Vulnerability from nvd – Published: 2016-05-02 10:00 – Updated: 2024-08-05 23:47
VLAI?
Summary
The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:57.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2971-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8835ba4a39cf53f705417b3b3a94eb067673f2c9"
},
{
"name": "USN-2969-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2969-1"
},
{
"name": "USN-2968-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "USN-2971-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cdc_acm driver)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/14/4"
},
{
"name": "SUSE-SU-2016:1707",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316204"
},
{
"name": "openSUSE-SU-2016:1382",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/8835ba4a39cf53f705417b3b3a94eb067673f2c9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:49",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "USN-2971-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8835ba4a39cf53f705417b3b3a94eb067673f2c9"
},
{
"name": "USN-2969-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2969-1"
},
{
"name": "USN-2968-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "USN-2971-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cdc_acm driver)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/14/4"
},
{
"name": "SUSE-SU-2016:1707",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316204"
},
{
"name": "openSUSE-SU-2016:1382",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/8835ba4a39cf53f705417b3b3a94eb067673f2c9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-3138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2971-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "SUSE-SU-2016:1696",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8835ba4a39cf53f705417b3b3a94eb067673f2c9",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8835ba4a39cf53f705417b3b3a94eb067673f2c9"
},
{
"name": "USN-2969-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2969-1"
},
{
"name": "USN-2968-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "USN-2971-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cdc_acm driver)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/03/14/4"
},
{
"name": "SUSE-SU-2016:1707",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1316204",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316204"
},
{
"name": "openSUSE-SU-2016:1382",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "https://github.com/torvalds/linux/commit/8835ba4a39cf53f705417b3b3a94eb067673f2c9",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/8835ba4a39cf53f705417b3b3a94eb067673f2c9"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-3138",
"datePublished": "2016-05-02T10:00:00",
"dateReserved": "2016-03-13T00:00:00",
"dateUpdated": "2024-08-05T23:47:57.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3137 (GCVE-0-2016-3137)
Vulnerability from nvd – Published: 2016-05-02 10:00 – Updated: 2024-08-05 23:47
VLAI?
Summary
drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:57.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2971-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cypress_m8 driver)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/14/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316996"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754"
},
{
"name": "84300",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84300"
},
{
"name": "USN-2968-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "USN-2971-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "USN-3000-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "SUSE-SU-2016:1707",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754"
},
{
"name": "openSUSE-SU-2016:1382",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:58",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "USN-2971-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cypress_m8 driver)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/14/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316996"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754"
},
{
"name": "84300",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84300"
},
{
"name": "USN-2968-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "USN-2971-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "USN-3000-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "SUSE-SU-2016:1707",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754"
},
{
"name": "openSUSE-SU-2016:1382",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-3137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2971-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cypress_m8 driver)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/03/14/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1316996",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316996"
},
{
"name": "SUSE-SU-2016:1696",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"name": "https://github.com/torvalds/linux/commit/c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754"
},
{
"name": "84300",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84300"
},
{
"name": "USN-2968-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "USN-2971-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "USN-3000-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "SUSE-SU-2016:1707",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754"
},
{
"name": "openSUSE-SU-2016:1382",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-3137",
"datePublished": "2016-05-02T10:00:00",
"dateReserved": "2016-03-13T00:00:00",
"dateUpdated": "2024-08-05T23:47:57.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2188 (GCVE-0-2016-2188)
Vulnerability from nvd – Published: 2016-05-02 10:00 – Updated: 2024-08-05 23:24
VLAI?
Summary
The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2971-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "39556",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39556/"
},
{
"name": "20160310 oss-2016-15: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2016/Mar/87"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/4ec0ef3a82125efc36173062a50624550a900ae0"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"name": "USN-2969-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2969-1"
},
{
"name": "USN-2968-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317018"
},
{
"name": "USN-2971-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "USN-2971-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "SUSE-SU-2016:1707",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name": "openSUSE-SU-2016:1382",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ec0ef3a82125efc36173062a50624550a900ae0"
},
{
"name": "20160315 Re: oss-2016-15: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2016/Mar/118"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-2971-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "39556",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/39556/"
},
{
"name": "20160310 oss-2016-15: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2016/Mar/87"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/4ec0ef3a82125efc36173062a50624550a900ae0"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"name": "USN-2969-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2969-1"
},
{
"name": "USN-2968-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317018"
},
{
"name": "USN-2971-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "USN-2971-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "SUSE-SU-2016:1707",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name": "openSUSE-SU-2016:1382",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ec0ef3a82125efc36173062a50624550a900ae0"
},
{
"name": "20160315 Re: oss-2016-15: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2016/Mar/118"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2188",
"datePublished": "2016-05-02T10:00:00",
"dateReserved": "2016-01-29T00:00:00",
"dateUpdated": "2024-08-05T23:24:48.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2187 (GCVE-0-2016-2187)
Vulnerability from nvd – Published: 2016-05-02 10:00 – Updated: 2024-08-05 23:24
VLAI?
Summary
The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3006-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3006-1"
},
{
"name": "USN-3004-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3004-1"
},
{
"name": "USN-3001-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3001-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/162f98dea487206d9ab79fc12ed64700667a894d"
},
{
"name": "USN-3005-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3005-1"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "85425",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/85425"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=162f98dea487206d9ab79fc12ed64700667a894d"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "USN-3000-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3002-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3002-1"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2989-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2989-1"
},
{
"name": "USN-3007-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3007-1"
},
{
"name": "USN-3003-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3003-1"
},
{
"name": "USN-2998-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2998-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-3006-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3006-1"
},
{
"name": "USN-3004-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3004-1"
},
{
"name": "USN-3001-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3001-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/162f98dea487206d9ab79fc12ed64700667a894d"
},
{
"name": "USN-3005-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3005-1"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "85425",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/85425"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=162f98dea487206d9ab79fc12ed64700667a894d"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "USN-3000-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3002-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3002-1"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2989-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2989-1"
},
{
"name": "USN-3007-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3007-1"
},
{
"name": "USN-3003-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3003-1"
},
{
"name": "USN-2998-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2998-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317017"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2187",
"datePublished": "2016-05-02T10:00:00",
"dateReserved": "2016-01-29T00:00:00",
"dateUpdated": "2024-08-05T23:24:48.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2186 (GCVE-0-2016-2186)
Vulnerability from nvd – Published: 2016-05-02 10:00 – Updated: 2024-08-05 23:24
VLAI?
Summary
The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2971-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9c6ba456711687b794dcf285856fc14e2c76074f"
},
{
"name": "84337",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84337"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317015"
},
{
"name": "USN-2969-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2969-1"
},
{
"name": "USN-2968-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "USN-2971-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "20160315 Re: oss-2016-13: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2016/Mar/117"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "SUSE-SU-2016:1707",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name": "openSUSE-SU-2016:1382",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "20160310 oss-2016-13: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2016/Mar/85"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/9c6ba456711687b794dcf285856fc14e2c76074f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-29T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-2971-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9c6ba456711687b794dcf285856fc14e2c76074f"
},
{
"name": "84337",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84337"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317015"
},
{
"name": "USN-2969-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2969-1"
},
{
"name": "USN-2968-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "USN-2971-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "20160315 Re: oss-2016-13: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2016/Mar/117"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "SUSE-SU-2016:1707",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name": "openSUSE-SU-2016:1382",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "20160310 oss-2016-13: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2016/Mar/85"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/9c6ba456711687b794dcf285856fc14e2c76074f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2186",
"datePublished": "2016-05-02T10:00:00",
"dateReserved": "2016-01-29T00:00:00",
"dateUpdated": "2024-08-05T23:24:48.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2185 (GCVE-0-2016-2185)
Vulnerability from nvd – Published: 2016-05-02 10:00 – Updated: 2024-08-05 23:24
VLAI?
Summary
The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2971-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "84341",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84341"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283363"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317014"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283362"
},
{
"name": "20160310 oss-2016-18: Multiple Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2016/Mar/90"
},
{
"name": "USN-2969-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2969-1"
},
{
"name": "USN-2968-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "USN-2971-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "SUSE-SU-2016:1707",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name": "openSUSE-SU-2016:1382",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
},
{
"name": "20160315 Re: oss-2016-18: Multiple Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2016/Mar/116"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-29T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-2971-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "84341",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84341"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283363"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317014"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283362"
},
{
"name": "20160310 oss-2016-18: Multiple Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2016/Mar/90"
},
{
"name": "USN-2969-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2969-1"
},
{
"name": "USN-2968-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "USN-2971-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "SUSE-SU-2016:1707",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name": "openSUSE-SU-2016:1382",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
},
{
"name": "20160315 Re: oss-2016-18: Multiple Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2016/Mar/116"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2185",
"datePublished": "2016-05-02T10:00:00",
"dateReserved": "2016-01-29T00:00:00",
"dateUpdated": "2024-08-05T23:24:48.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3156 (GCVE-0-2016-3156)
Vulnerability from nvd – Published: 2016-04-27 17:00 – Updated: 2024-08-05 23:47
VLAI?
Summary
The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:57.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2971-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1318172"
},
{
"name": "USN-2970-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbd40ea0180a2d328c5adc61414dc8bab9335ce2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "USN-2969-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2969-1"
},
{
"name": "USN-2968-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "RHSA-2016:2584",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
},
{
"name": "RHSA-2016:2574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
"name": "USN-2971-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "SUSE-SU-2016:1707",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "SUSE-SU-2016:1019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
},
{
"name": "USN-2968-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name": "openSUSE-SU-2016:1382",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "84428",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84428"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"name": "[oss-security] 20160315 CVE request: ipv4: Don\u0027t do expensive useless work during inetdev destroy",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/15/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/fbd40ea0180a2d328c5adc61414dc8bab9335ce2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-2971-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1318172"
},
{
"name": "USN-2970-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbd40ea0180a2d328c5adc61414dc8bab9335ce2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "USN-2969-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2969-1"
},
{
"name": "USN-2968-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "RHSA-2016:2584",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
},
{
"name": "RHSA-2016:2574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
"name": "USN-2971-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "SUSE-SU-2016:1707",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "SUSE-SU-2016:1019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
},
{
"name": "USN-2968-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name": "openSUSE-SU-2016:1382",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "84428",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84428"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"name": "[oss-security] 20160315 CVE request: ipv4: Don\u0027t do expensive useless work during inetdev destroy",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/15/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/fbd40ea0180a2d328c5adc61414dc8bab9335ce2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2971-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1318172",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1318172"
},
{
"name": "USN-2970-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbd40ea0180a2d328c5adc61414dc8bab9335ce2",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbd40ea0180a2d328c5adc61414dc8bab9335ce2"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "USN-2969-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2969-1"
},
{
"name": "USN-2968-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "RHSA-2016:2584",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
},
{
"name": "RHSA-2016:2574",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
"name": "USN-2971-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "SUSE-SU-2016:1707",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "SUSE-SU-2016:1019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
},
{
"name": "USN-2968-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name": "openSUSE-SU-2016:1382",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "84428",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84428"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"name": "[oss-security] 20160315 CVE request: ipv4: Don\u0027t do expensive useless work during inetdev destroy",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/03/15/3"
},
{
"name": "https://github.com/torvalds/linux/commit/fbd40ea0180a2d328c5adc61414dc8bab9335ce2",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/fbd40ea0180a2d328c5adc61414dc8bab9335ce2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3156",
"datePublished": "2016-04-27T17:00:00",
"dateReserved": "2016-03-15T00:00:00",
"dateUpdated": "2024-08-05T23:47:57.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3139 (GCVE-0-2016-3139)
Vulnerability from nvd – Published: 2016-04-27 17:00 – Updated: 2024-08-05 23:47
VLAI?
Summary
The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:57.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39538",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39538/"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316993"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283377"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2016-3139"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=471d17148c8b4174ac5f5283a73316d12c4379bc"
},
{
"name": "SUSE-SU-2016:1764",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/471d17148c8b4174ac5f5283a73316d12c4379bc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283375"
},
{
"name": "SUSE-SU-2016:1707",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "SUSE-SU-2016:1019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:07",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "39538",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/39538/"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316993"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283377"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2016-3139"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=471d17148c8b4174ac5f5283a73316d12c4379bc"
},
{
"name": "SUSE-SU-2016:1764",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/471d17148c8b4174ac5f5283a73316d12c4379bc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283375"
},
{
"name": "SUSE-SU-2016:1707",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "SUSE-SU-2016:1019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-3139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39538",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39538/"
},
{
"name": "SUSE-SU-2016:1690",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1316993",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316993"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1283377",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283377"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2016-3139",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2016-3139"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=471d17148c8b4174ac5f5283a73316d12c4379bc",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=471d17148c8b4174ac5f5283a73316d12c4379bc"
},
{
"name": "SUSE-SU-2016:1764",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "https://github.com/torvalds/linux/commit/471d17148c8b4174ac5f5283a73316d12c4379bc",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/471d17148c8b4174ac5f5283a73316d12c4379bc"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1283375",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283375"
},
{
"name": "SUSE-SU-2016:1707",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "SUSE-SU-2016:1019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
},
{
"name": "SUSE-SU-2016:2074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-3139",
"datePublished": "2016-04-27T17:00:00",
"dateReserved": "2016-03-13T00:00:00",
"dateUpdated": "2024-08-05T23:47:57.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-6815 (GCVE-0-2015-6815)
Vulnerability from cvelistv5 – Published: 2020-01-31 21:38 – Updated: 2024-08-06 07:29
VLAI?
Summary
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Other
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:29:24.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2745-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/04/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/05/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260076"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "QEMU",
"versions": [
{
"status": "affected",
"version": "before 2.4.0.1"
}
]
}
],
"datePublic": "2015-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T17:01:12",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ubuntu.com/usn/USN-2745-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/04/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/05/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260076"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-6815",
"datePublished": "2020-01-31T21:38:47",
"dateReserved": "2015-09-05T00:00:00",
"dateUpdated": "2024-08-06T07:29:24.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1583 (GCVE-0-2016-1583)
Vulnerability from cvelistv5 – Published: 2016-06-27 10:00 – Updated: 2024-08-05 23:02
VLAI?
Summary
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:11.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3006-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3006-1"
},
{
"name": "USN-3004-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3004-1"
},
{
"name": "SUSE-SU-2016:2010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d"
},
{
"name": "RHSA-2016:2766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2766.html"
},
{
"name": "USN-3001-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3001-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d"
},
{
"name": "SUSE-SU-2016:1994",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
},
{
"name": "39992",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39992/"
},
{
"name": "SUSE-SU-2016:1961",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
},
{
"name": "USN-3005-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3005-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=836"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "91157",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91157"
},
{
"name": "openSUSE-SU-2016:2184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "USN-2999-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2999-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87"
},
{
"name": "SUSE-SU-2016:2006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
},
{
"name": "[oss-security] 20160610 [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/10/8"
},
{
"name": "SUSE-SU-2016:2014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
},
{
"name": "openSUSE-SU-2016:1641",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "USN-3000-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "1036763",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036763"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87"
},
{
"name": "USN-3002-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3002-1"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "SUSE-SU-2016:2009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
},
{
"name": "SUSE-SU-2016:1596",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00027.html"
},
{
"name": "RHSA-2017:2760",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2760"
},
{
"name": "SUSE-SU-2016:2005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
},
{
"name": "SUSE-SU-2016:2007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
},
{
"name": "USN-3007-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3007-1"
},
{
"name": "SUSE-SU-2016:2000",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
},
{
"name": "RHSA-2016:2124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2124.html"
},
{
"name": "USN-3003-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3003-1"
},
{
"name": "SUSE-SU-2016:1995",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
},
{
"name": "SUSE-SU-2016:2105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "[oss-security] 20160622 Re: [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/22/1"
},
{
"name": "SUSE-SU-2016:2002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344721"
},
{
"name": "USN-2998-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2998-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html"
},
{
"name": "USN-3008-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3008-1"
},
{
"name": "SUSE-SU-2016:1937",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-06T21:57:01",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "USN-3006-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3006-1"
},
{
"name": "USN-3004-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3004-1"
},
{
"name": "SUSE-SU-2016:2010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d"
},
{
"name": "RHSA-2016:2766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2766.html"
},
{
"name": "USN-3001-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3001-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d"
},
{
"name": "SUSE-SU-2016:1994",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
},
{
"name": "39992",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/39992/"
},
{
"name": "SUSE-SU-2016:1961",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
},
{
"name": "USN-3005-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3005-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=836"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "91157",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91157"
},
{
"name": "openSUSE-SU-2016:2184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "USN-2999-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2999-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87"
},
{
"name": "SUSE-SU-2016:2006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
},
{
"name": "[oss-security] 20160610 [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/10/8"
},
{
"name": "SUSE-SU-2016:2014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
},
{
"name": "openSUSE-SU-2016:1641",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "USN-3000-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "1036763",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036763"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87"
},
{
"name": "USN-3002-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3002-1"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "SUSE-SU-2016:2009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
},
{
"name": "SUSE-SU-2016:1596",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00027.html"
},
{
"name": "RHSA-2017:2760",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2760"
},
{
"name": "SUSE-SU-2016:2005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
},
{
"name": "SUSE-SU-2016:2007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
},
{
"name": "USN-3007-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3007-1"
},
{
"name": "SUSE-SU-2016:2000",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
},
{
"name": "RHSA-2016:2124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2124.html"
},
{
"name": "USN-3003-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3003-1"
},
{
"name": "SUSE-SU-2016:1995",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
},
{
"name": "SUSE-SU-2016:2105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "[oss-security] 20160622 Re: [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/22/1"
},
{
"name": "SUSE-SU-2016:2002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344721"
},
{
"name": "USN-2998-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2998-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html"
},
{
"name": "USN-3008-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3008-1"
},
{
"name": "SUSE-SU-2016:1937",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2016-1583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3006-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3006-1"
},
{
"name": "USN-3004-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3004-1"
},
{
"name": "SUSE-SU-2016:2010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
},
{
"name": "https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d"
},
{
"name": "RHSA-2016:2766",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2766.html"
},
{
"name": "USN-3001-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3001-1"
},
{
"name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3",
"refsource": "CONFIRM",
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3"
},
{
"name": "SUSE-SU-2016:1696",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d"
},
{
"name": "SUSE-SU-2016:1994",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
},
{
"name": "39992",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39992/"
},
{
"name": "SUSE-SU-2016:1961",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
},
{
"name": "USN-3005-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3005-1"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=836",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=836"
},
{
"name": "SUSE-SU-2016:1985",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "91157",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91157"
},
{
"name": "openSUSE-SU-2016:2184",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "USN-2999-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2999-1"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87"
},
{
"name": "SUSE-SU-2016:2006",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
},
{
"name": "[oss-security] 20160610 [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/10/8"
},
{
"name": "SUSE-SU-2016:2014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
},
{
"name": "openSUSE-SU-2016:1641",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "USN-2997-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "USN-3000-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name": "https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "1036763",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036763"
},
{
"name": "https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87"
},
{
"name": "USN-3002-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3002-1"
},
{
"name": "USN-2996-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "SUSE-SU-2016:2009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
},
{
"name": "SUSE-SU-2016:1596",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00027.html"
},
{
"name": "RHSA-2017:2760",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2760"
},
{
"name": "SUSE-SU-2016:2005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
},
{
"name": "SUSE-SU-2016:2007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
},
{
"name": "USN-3007-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3007-1"
},
{
"name": "SUSE-SU-2016:2000",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
},
{
"name": "RHSA-2016:2124",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2124.html"
},
{
"name": "USN-3003-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3003-1"
},
{
"name": "SUSE-SU-2016:1995",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
},
{
"name": "SUSE-SU-2016:2105",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "[oss-security] 20160622 Re: [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/22/1"
},
{
"name": "SUSE-SU-2016:2002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1344721",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344721"
},
{
"name": "USN-2998-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2998-1"
},
{
"name": "http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html"
},
{
"name": "USN-3008-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3008-1"
},
{
"name": "SUSE-SU-2016:1937",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2016-1583",
"datePublished": "2016-06-27T10:00:00",
"dateReserved": "2016-01-12T00:00:00",
"dateUpdated": "2024-08-05T23:02:11.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4913 (GCVE-0-2016-4913)
Vulnerability from cvelistv5 – Published: 2016-05-23 10:00 – Updated: 2024-08-06 00:46
VLAI?
Summary
The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:39.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:3083",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/99d825822eade8d827a1817357cbf3f889a552d6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "USN-3017-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3017-1"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "USN-3017-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3017-3"
},
{
"name": "USN-3018-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3018-2"
},
{
"name": "USN-3021-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3021-2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1337528"
},
{
"name": "USN-3017-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3017-2"
},
{
"name": "USN-3019-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3019-1"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3016-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3016-2"
},
{
"name": "USN-3016-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3016-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-3021-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3021-1"
},
{
"name": "[oss-security] 20160518 Re: CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/18/5"
},
{
"name": "USN-3018-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3018-1"
},
{
"name": "[oss-security] 20160518 CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/18/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"name": "90730",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90730"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6"
},
{
"name": "USN-3016-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3016-3"
},
{
"name": "USN-3016-4",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3016-4"
},
{
"name": "RHSA-2018:3096",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name": "USN-3020-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3020-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \\0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-31T09:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "RHSA-2018:3083",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/99d825822eade8d827a1817357cbf3f889a552d6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "USN-3017-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3017-1"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "USN-3017-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3017-3"
},
{
"name": "USN-3018-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3018-2"
},
{
"name": "USN-3021-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3021-2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1337528"
},
{
"name": "USN-3017-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3017-2"
},
{
"name": "USN-3019-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3019-1"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3016-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3016-2"
},
{
"name": "USN-3016-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3016-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-3021-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3021-1"
},
{
"name": "[oss-security] 20160518 Re: CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/18/5"
},
{
"name": "USN-3018-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3018-1"
},
{
"name": "[oss-security] 20160518 CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/18/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"name": "90730",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90730"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6"
},
{
"name": "USN-3016-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3016-3"
},
{
"name": "USN-3016-4",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3016-4"
},
{
"name": "RHSA-2018:3096",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name": "USN-3020-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3020-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-4913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \\0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:3083",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"name": "https://github.com/torvalds/linux/commit/99d825822eade8d827a1817357cbf3f889a552d6",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/99d825822eade8d827a1817357cbf3f889a552d6"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "USN-3017-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3017-1"
},
{
"name": "SUSE-SU-2016:1985",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "USN-3017-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3017-3"
},
{
"name": "USN-3018-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3018-2"
},
{
"name": "USN-3021-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3021-2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1337528",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1337528"
},
{
"name": "USN-3017-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3017-2"
},
{
"name": "USN-3019-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3019-1"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3016-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-2"
},
{
"name": "USN-3016-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-1"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-3021-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3021-1"
},
{
"name": "[oss-security] 20160518 Re: CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/18/5"
},
{
"name": "USN-3018-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3018-1"
},
{
"name": "[oss-security] 20160518 CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/18/3"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"name": "90730",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90730"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6"
},
{
"name": "USN-3016-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-3"
},
{
"name": "USN-3016-4",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-4"
},
{
"name": "RHSA-2018:3096",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name": "USN-3020-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3020-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-4913",
"datePublished": "2016-05-23T10:00:00",
"dateReserved": "2016-05-18T00:00:00",
"dateUpdated": "2024-08-06T00:46:39.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4485 (GCVE-0-2016-4485)
Vulnerability from cvelistv5 – Published: 2016-05-23 10:00 – Updated: 2024-08-06 00:32
VLAI?
Summary
The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3006-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3006-1"
},
{
"name": "USN-3004-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3004-1"
},
{
"name": "USN-3001-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3001-1"
},
{
"name": "[oss-security] 20160503 CVE Request: kernel information leak vulnerability in llc module",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/04/26"
},
{
"name": "USN-3005-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3005-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b8670c09f37bdf2847cc44f36511a53afc6161fd"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "openSUSE-SU-2016:1641",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "USN-3000-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333309"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3002-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3002-1"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/b8670c09f37bdf2847cc44f36511a53afc6161fd"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2989-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2989-1"
},
{
"name": "USN-3007-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3007-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"
},
{
"name": "90015",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90015"
},
{
"name": "USN-3003-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3003-1"
},
{
"name": "USN-2998-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2998-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3006-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3006-1"
},
{
"name": "USN-3004-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3004-1"
},
{
"name": "USN-3001-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3001-1"
},
{
"name": "[oss-security] 20160503 CVE Request: kernel information leak vulnerability in llc module",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/04/26"
},
{
"name": "USN-3005-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3005-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b8670c09f37bdf2847cc44f36511a53afc6161fd"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "openSUSE-SU-2016:1641",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "USN-3000-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333309"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3002-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3002-1"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/b8670c09f37bdf2847cc44f36511a53afc6161fd"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2989-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2989-1"
},
{
"name": "USN-3007-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3007-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"
},
{
"name": "90015",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90015"
},
{
"name": "USN-3003-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3003-1"
},
{
"name": "USN-2998-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2998-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3006-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3006-1"
},
{
"name": "USN-3004-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3004-1"
},
{
"name": "USN-3001-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3001-1"
},
{
"name": "[oss-security] 20160503 CVE Request: kernel information leak vulnerability in llc module",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/04/26"
},
{
"name": "USN-3005-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3005-1"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b8670c09f37bdf2847cc44f36511a53afc6161fd",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b8670c09f37bdf2847cc44f36511a53afc6161fd"
},
{
"name": "SUSE-SU-2016:1985",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "openSUSE-SU-2016:1641",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "USN-2997-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "USN-3000-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1333309",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333309"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3002-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3002-1"
},
{
"name": "USN-2996-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "https://github.com/torvalds/linux/commit/b8670c09f37bdf2847cc44f36511a53afc6161fd",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/b8670c09f37bdf2847cc44f36511a53afc6161fd"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2989-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2989-1"
},
{
"name": "USN-3007-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3007-1"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"
},
{
"name": "90015",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90015"
},
{
"name": "USN-3003-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3003-1"
},
{
"name": "USN-2998-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2998-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4485",
"datePublished": "2016-05-23T10:00:00",
"dateReserved": "2016-05-04T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4486 (GCVE-0-2016-4486)
Vulnerability from cvelistv5 – Published: 2016-05-23 10:00 – Updated: 2024-08-06 00:32
VLAI?
Summary
The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "USN-3006-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3006-1"
},
{
"name": "USN-3004-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3004-1"
},
{
"name": "USN-3001-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3001-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333316"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/5f8e44741f9f216e33736ea4ec65ca9ac03036e6"
},
{
"name": "90051",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90051"
},
{
"name": "USN-3005-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3005-1"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "openSUSE-SU-2016:2184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "46006",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46006/"
},
{
"name": "openSUSE-SU-2016:1641",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "USN-3000-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3002-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3002-1"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2989-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2989-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6"
},
{
"name": "USN-3007-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3007-1"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"
},
{
"name": "USN-3003-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3003-1"
},
{
"name": "SUSE-SU-2016:2105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "USN-2998-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2998-1"
},
{
"name": "[oss-security] 20160504 CVE Request: kernel information leak vulnerability in rtnetlink",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/04/27"
},
{
"name": "SUSE-SU-2016:1937",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-20T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "USN-3006-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3006-1"
},
{
"name": "USN-3004-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3004-1"
},
{
"name": "USN-3001-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3001-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333316"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/5f8e44741f9f216e33736ea4ec65ca9ac03036e6"
},
{
"name": "90051",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90051"
},
{
"name": "USN-3005-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3005-1"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "openSUSE-SU-2016:2184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "46006",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46006/"
},
{
"name": "openSUSE-SU-2016:1641",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "USN-3000-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3002-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3002-1"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2989-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2989-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6"
},
{
"name": "USN-3007-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3007-1"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"
},
{
"name": "USN-3003-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3003-1"
},
{
"name": "SUSE-SU-2016:2105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "USN-2998-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2998-1"
},
{
"name": "[oss-security] 20160504 CVE Request: kernel information leak vulnerability in rtnetlink",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/04/27"
},
{
"name": "SUSE-SU-2016:1937",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2016:1690",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "USN-3006-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3006-1"
},
{
"name": "USN-3004-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3004-1"
},
{
"name": "USN-3001-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3001-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1333316",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333316"
},
{
"name": "SUSE-SU-2016:1696",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "https://github.com/torvalds/linux/commit/5f8e44741f9f216e33736ea4ec65ca9ac03036e6",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/5f8e44741f9f216e33736ea4ec65ca9ac03036e6"
},
{
"name": "90051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90051"
},
{
"name": "USN-3005-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3005-1"
},
{
"name": "SUSE-SU-2016:1985",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "openSUSE-SU-2016:2184",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "46006",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46006/"
},
{
"name": "openSUSE-SU-2016:1641",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "USN-2997-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "USN-3000-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3002-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3002-1"
},
{
"name": "USN-2996-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2989-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2989-1"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6"
},
{
"name": "USN-3007-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3007-1"
},
{
"name": "SUSE-SU-2016:2074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"
},
{
"name": "USN-3003-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3003-1"
},
{
"name": "SUSE-SU-2016:2105",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "USN-2998-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2998-1"
},
{
"name": "[oss-security] 20160504 CVE Request: kernel information leak vulnerability in rtnetlink",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/04/27"
},
{
"name": "SUSE-SU-2016:1937",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4486",
"datePublished": "2016-05-23T10:00:00",
"dateReserved": "2016-05-04T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4569 (GCVE-0-2016-4569)
Vulnerability from cvelistv5 – Published: 2016-05-23 10:00 – Updated: 2024-08-06 00:32
VLAI?
Summary
The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:26.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-3017-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3017-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "[oss-security] 20160509 Re: CVE Request: kernel information leak vulnerability in Linux sound module",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/09/17"
},
{
"name": "USN-3017-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3017-3"
},
{
"name": "openSUSE-SU-2016:2184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "USN-3018-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3018-2"
},
{
"name": "USN-3021-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3021-2"
},
{
"name": "USN-3017-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3017-2"
},
{
"name": "RHSA-2016:2584",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334643"
},
{
"name": "RHSA-2016:2574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
"name": "USN-3019-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3019-1"
},
{
"name": "openSUSE-SU-2016:1641",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/cec8f96e49d9be372fdb0c3836dcf31ec71e457e"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3016-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3016-2"
},
{
"name": "USN-3016-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3016-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-3021-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3021-1"
},
{
"name": "USN-3018-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3018-1"
},
{
"name": "90347",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90347"
},
{
"name": "SUSE-SU-2016:2105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "USN-3016-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3016-3"
},
{
"name": "USN-3016-4",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3016-4"
},
{
"name": "USN-3020-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3020-1"
},
{
"name": "SUSE-SU-2016:1937",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-3017-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3017-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "[oss-security] 20160509 Re: CVE Request: kernel information leak vulnerability in Linux sound module",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/09/17"
},
{
"name": "USN-3017-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3017-3"
},
{
"name": "openSUSE-SU-2016:2184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "USN-3018-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3018-2"
},
{
"name": "USN-3021-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3021-2"
},
{
"name": "USN-3017-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3017-2"
},
{
"name": "RHSA-2016:2584",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334643"
},
{
"name": "RHSA-2016:2574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
"name": "USN-3019-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3019-1"
},
{
"name": "openSUSE-SU-2016:1641",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/cec8f96e49d9be372fdb0c3836dcf31ec71e457e"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3016-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3016-2"
},
{
"name": "USN-3016-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3016-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-3021-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3021-1"
},
{
"name": "USN-3018-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3018-1"
},
{
"name": "90347",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90347"
},
{
"name": "SUSE-SU-2016:2105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "USN-3016-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3016-3"
},
{
"name": "USN-3016-4",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3016-4"
},
{
"name": "USN-3020-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3020-1"
},
{
"name": "SUSE-SU-2016:1937",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2016:1690",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "SUSE-SU-2016:1696",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-3017-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3017-1"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e"
},
{
"name": "SUSE-SU-2016:1985",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "[oss-security] 20160509 Re: CVE Request: kernel information leak vulnerability in Linux sound module",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/09/17"
},
{
"name": "USN-3017-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3017-3"
},
{
"name": "openSUSE-SU-2016:2184",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "USN-3018-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3018-2"
},
{
"name": "USN-3021-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3021-2"
},
{
"name": "USN-3017-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3017-2"
},
{
"name": "RHSA-2016:2584",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1334643",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334643"
},
{
"name": "RHSA-2016:2574",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
"name": "USN-3019-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3019-1"
},
{
"name": "openSUSE-SU-2016:1641",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "https://github.com/torvalds/linux/commit/cec8f96e49d9be372fdb0c3836dcf31ec71e457e",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/cec8f96e49d9be372fdb0c3836dcf31ec71e457e"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3016-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-2"
},
{
"name": "USN-3016-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-1"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-3021-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3021-1"
},
{
"name": "USN-3018-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3018-1"
},
{
"name": "90347",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90347"
},
{
"name": "SUSE-SU-2016:2105",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "USN-3016-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-3"
},
{
"name": "USN-3016-4",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-4"
},
{
"name": "USN-3020-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3020-1"
},
{
"name": "SUSE-SU-2016:1937",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4569",
"datePublished": "2016-05-23T10:00:00",
"dateReserved": "2016-05-09T00:00:00",
"dateUpdated": "2024-08-06T00:32:26.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4482 (GCVE-0-2016-4482)
Vulnerability from cvelistv5 – Published: 2016-05-23 10:00 – Updated: 2024-08-06 00:32
VLAI?
Summary
The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "90029",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90029"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332931"
},
{
"name": "USN-3017-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3017-1"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "USN-3017-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3017-3"
},
{
"name": "openSUSE-SU-2016:2184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "USN-3018-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3018-2"
},
{
"name": "USN-3021-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3021-2"
},
{
"name": "USN-3017-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3017-2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee"
},
{
"name": "USN-3019-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3019-1"
},
{
"name": "openSUSE-SU-2016:1641",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3016-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3016-2"
},
{
"name": "USN-3016-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3016-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-3021-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3021-1"
},
{
"name": "USN-3018-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3018-1"
},
{
"name": "[oss-security] 20160503 CVE Request: information leak in devio of Linux kernel",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/04/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee"
},
{
"name": "FEDORA-2016-4ce97823af",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184414.html"
},
{
"name": "SUSE-SU-2016:2105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "USN-3016-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3016-3"
},
{
"name": "USN-3016-4",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3016-4"
},
{
"name": "USN-3020-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3020-1"
},
{
"name": "SUSE-SU-2016:1937",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "90029",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90029"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332931"
},
{
"name": "USN-3017-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3017-1"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "USN-3017-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3017-3"
},
{
"name": "openSUSE-SU-2016:2184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "USN-3018-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3018-2"
},
{
"name": "USN-3021-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3021-2"
},
{
"name": "USN-3017-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3017-2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee"
},
{
"name": "USN-3019-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3019-1"
},
{
"name": "openSUSE-SU-2016:1641",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3016-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3016-2"
},
{
"name": "USN-3016-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3016-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-3021-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3021-1"
},
{
"name": "USN-3018-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3018-1"
},
{
"name": "[oss-security] 20160503 CVE Request: information leak in devio of Linux kernel",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/04/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee"
},
{
"name": "FEDORA-2016-4ce97823af",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184414.html"
},
{
"name": "SUSE-SU-2016:2105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "USN-3016-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3016-3"
},
{
"name": "USN-3016-4",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3016-4"
},
{
"name": "USN-3020-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3020-1"
},
{
"name": "SUSE-SU-2016:1937",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2016:1690",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "90029",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90029"
},
{
"name": "SUSE-SU-2016:1696",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332931",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332931"
},
{
"name": "USN-3017-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3017-1"
},
{
"name": "SUSE-SU-2016:1985",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "USN-3017-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3017-3"
},
{
"name": "openSUSE-SU-2016:2184",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "USN-3018-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3018-2"
},
{
"name": "USN-3021-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3021-2"
},
{
"name": "USN-3017-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3017-2"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee"
},
{
"name": "USN-3019-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3019-1"
},
{
"name": "openSUSE-SU-2016:1641",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3016-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-2"
},
{
"name": "USN-3016-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-1"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-3021-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3021-1"
},
{
"name": "USN-3018-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3018-1"
},
{
"name": "[oss-security] 20160503 CVE Request: information leak in devio of Linux kernel",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/04/2"
},
{
"name": "https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee"
},
{
"name": "FEDORA-2016-4ce97823af",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184414.html"
},
{
"name": "SUSE-SU-2016:2105",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "USN-3016-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-3"
},
{
"name": "USN-3016-4",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-4"
},
{
"name": "USN-3020-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3020-1"
},
{
"name": "SUSE-SU-2016:1937",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4482",
"datePublished": "2016-05-23T10:00:00",
"dateReserved": "2016-05-04T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3138 (GCVE-0-2016-3138)
Vulnerability from cvelistv5 – Published: 2016-05-02 10:00 – Updated: 2024-08-05 23:47
VLAI?
Summary
The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:57.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2971-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8835ba4a39cf53f705417b3b3a94eb067673f2c9"
},
{
"name": "USN-2969-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2969-1"
},
{
"name": "USN-2968-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "USN-2971-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cdc_acm driver)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/14/4"
},
{
"name": "SUSE-SU-2016:1707",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316204"
},
{
"name": "openSUSE-SU-2016:1382",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/8835ba4a39cf53f705417b3b3a94eb067673f2c9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:49",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "USN-2971-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8835ba4a39cf53f705417b3b3a94eb067673f2c9"
},
{
"name": "USN-2969-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2969-1"
},
{
"name": "USN-2968-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "USN-2971-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cdc_acm driver)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/14/4"
},
{
"name": "SUSE-SU-2016:1707",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316204"
},
{
"name": "openSUSE-SU-2016:1382",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/8835ba4a39cf53f705417b3b3a94eb067673f2c9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-3138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2971-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "SUSE-SU-2016:1696",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8835ba4a39cf53f705417b3b3a94eb067673f2c9",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8835ba4a39cf53f705417b3b3a94eb067673f2c9"
},
{
"name": "USN-2969-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2969-1"
},
{
"name": "USN-2968-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "USN-2971-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cdc_acm driver)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/03/14/4"
},
{
"name": "SUSE-SU-2016:1707",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1316204",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316204"
},
{
"name": "openSUSE-SU-2016:1382",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "https://github.com/torvalds/linux/commit/8835ba4a39cf53f705417b3b3a94eb067673f2c9",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/8835ba4a39cf53f705417b3b3a94eb067673f2c9"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-3138",
"datePublished": "2016-05-02T10:00:00",
"dateReserved": "2016-03-13T00:00:00",
"dateUpdated": "2024-08-05T23:47:57.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2185 (GCVE-0-2016-2185)
Vulnerability from cvelistv5 – Published: 2016-05-02 10:00 – Updated: 2024-08-05 23:24
VLAI?
Summary
The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2971-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "84341",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84341"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283363"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317014"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283362"
},
{
"name": "20160310 oss-2016-18: Multiple Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2016/Mar/90"
},
{
"name": "USN-2969-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2969-1"
},
{
"name": "USN-2968-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "USN-2971-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "SUSE-SU-2016:1707",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name": "openSUSE-SU-2016:1382",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
},
{
"name": "20160315 Re: oss-2016-18: Multiple Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2016/Mar/116"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-29T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-2971-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "84341",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84341"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283363"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317014"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283362"
},
{
"name": "20160310 oss-2016-18: Multiple Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2016/Mar/90"
},
{
"name": "USN-2969-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2969-1"
},
{
"name": "USN-2968-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "USN-2971-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "SUSE-SU-2016:1707",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name": "openSUSE-SU-2016:1382",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
},
{
"name": "20160315 Re: oss-2016-18: Multiple Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2016/Mar/116"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2185",
"datePublished": "2016-05-02T10:00:00",
"dateReserved": "2016-01-29T00:00:00",
"dateUpdated": "2024-08-05T23:24:48.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2186 (GCVE-0-2016-2186)
Vulnerability from cvelistv5 – Published: 2016-05-02 10:00 – Updated: 2024-08-05 23:24
VLAI?
Summary
The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2971-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9c6ba456711687b794dcf285856fc14e2c76074f"
},
{
"name": "84337",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84337"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317015"
},
{
"name": "USN-2969-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2969-1"
},
{
"name": "USN-2968-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "USN-2971-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "20160315 Re: oss-2016-13: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2016/Mar/117"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "SUSE-SU-2016:1707",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name": "openSUSE-SU-2016:1382",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "20160310 oss-2016-13: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2016/Mar/85"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/9c6ba456711687b794dcf285856fc14e2c76074f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-29T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-2971-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9c6ba456711687b794dcf285856fc14e2c76074f"
},
{
"name": "84337",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84337"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317015"
},
{
"name": "USN-2969-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2969-1"
},
{
"name": "USN-2968-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "USN-2971-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "20160315 Re: oss-2016-13: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2016/Mar/117"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "SUSE-SU-2016:1707",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name": "openSUSE-SU-2016:1382",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "20160310 oss-2016-13: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2016/Mar/85"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/9c6ba456711687b794dcf285856fc14e2c76074f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2186",
"datePublished": "2016-05-02T10:00:00",
"dateReserved": "2016-01-29T00:00:00",
"dateUpdated": "2024-08-05T23:24:48.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2188 (GCVE-0-2016-2188)
Vulnerability from cvelistv5 – Published: 2016-05-02 10:00 – Updated: 2024-08-05 23:24
VLAI?
Summary
The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2971-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "39556",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39556/"
},
{
"name": "20160310 oss-2016-15: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2016/Mar/87"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/4ec0ef3a82125efc36173062a50624550a900ae0"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"name": "USN-2969-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2969-1"
},
{
"name": "USN-2968-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317018"
},
{
"name": "USN-2971-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "USN-2971-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "SUSE-SU-2016:1707",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name": "openSUSE-SU-2016:1382",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ec0ef3a82125efc36173062a50624550a900ae0"
},
{
"name": "20160315 Re: oss-2016-15: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2016/Mar/118"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-2971-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "39556",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/39556/"
},
{
"name": "20160310 oss-2016-15: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2016/Mar/87"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/4ec0ef3a82125efc36173062a50624550a900ae0"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"name": "USN-2969-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2969-1"
},
{
"name": "USN-2968-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317018"
},
{
"name": "USN-2971-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "USN-2971-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "SUSE-SU-2016:1707",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name": "openSUSE-SU-2016:1382",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ec0ef3a82125efc36173062a50624550a900ae0"
},
{
"name": "20160315 Re: oss-2016-15: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2016/Mar/118"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2188",
"datePublished": "2016-05-02T10:00:00",
"dateReserved": "2016-01-29T00:00:00",
"dateUpdated": "2024-08-05T23:24:48.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3140 (GCVE-0-2016-3140)
Vulnerability from cvelistv5 – Published: 2016-05-02 10:00 – Updated: 2024-08-05 23:47
VLAI?
Summary
The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:57.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2971-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "39537",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39537/"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316995"
},
{
"name": "USN-2968-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "USN-2971-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "USN-3000-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f"
},
{
"name": "SUSE-SU-2016:1707",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name": "openSUSE-SU-2016:1382",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
},
{
"name": "84304",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84304"
},
{
"name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (digi_acceleport driver)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/14/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:57",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "USN-2971-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "39537",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/39537/"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316995"
},
{
"name": "USN-2968-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "USN-2971-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "USN-3000-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f"
},
{
"name": "SUSE-SU-2016:1707",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name": "openSUSE-SU-2016:1382",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
},
{
"name": "84304",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84304"
},
{
"name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (digi_acceleport driver)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/14/6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"ID": "CVE-2016-3140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2971-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "39537",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39537/"
},
{
"name": "SUSE-SU-2016:1696",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1316995",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316995"
},
{
"name": "USN-2968-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "USN-2971-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "USN-3000-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "https://github.com/torvalds/linux/commit/5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f"
},
{
"name": "SUSE-SU-2016:1707",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name": "openSUSE-SU-2016:1382",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
},
{
"name": "84304",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84304"
},
{
"name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (digi_acceleport driver)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/03/14/6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-3140",
"datePublished": "2016-05-02T10:00:00",
"dateReserved": "2016-03-13T00:00:00",
"dateUpdated": "2024-08-05T23:47:57.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3137 (GCVE-0-2016-3137)
Vulnerability from cvelistv5 – Published: 2016-05-02 10:00 – Updated: 2024-08-05 23:47
VLAI?
Summary
drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:57.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2971-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cypress_m8 driver)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/14/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316996"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754"
},
{
"name": "84300",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84300"
},
{
"name": "USN-2968-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "USN-2971-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "USN-3000-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "SUSE-SU-2016:1707",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754"
},
{
"name": "openSUSE-SU-2016:1382",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:58",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "USN-2971-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cypress_m8 driver)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/14/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316996"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754"
},
{
"name": "84300",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84300"
},
{
"name": "USN-2968-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "USN-2971-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "USN-3000-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "SUSE-SU-2016:1707",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754"
},
{
"name": "openSUSE-SU-2016:1382",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-3137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2971-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cypress_m8 driver)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/03/14/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1316996",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316996"
},
{
"name": "SUSE-SU-2016:1696",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"name": "https://github.com/torvalds/linux/commit/c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754"
},
{
"name": "84300",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84300"
},
{
"name": "USN-2968-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "USN-2971-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "USN-3000-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "SUSE-SU-2016:1707",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754"
},
{
"name": "openSUSE-SU-2016:1382",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-3137",
"datePublished": "2016-05-02T10:00:00",
"dateReserved": "2016-03-13T00:00:00",
"dateUpdated": "2024-08-05T23:47:57.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2187 (GCVE-0-2016-2187)
Vulnerability from cvelistv5 – Published: 2016-05-02 10:00 – Updated: 2024-08-05 23:24
VLAI?
Summary
The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3006-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3006-1"
},
{
"name": "USN-3004-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3004-1"
},
{
"name": "USN-3001-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3001-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/162f98dea487206d9ab79fc12ed64700667a894d"
},
{
"name": "USN-3005-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3005-1"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "85425",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/85425"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=162f98dea487206d9ab79fc12ed64700667a894d"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "USN-3000-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3002-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3002-1"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2989-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2989-1"
},
{
"name": "USN-3007-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3007-1"
},
{
"name": "USN-3003-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3003-1"
},
{
"name": "USN-2998-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2998-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-3006-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3006-1"
},
{
"name": "USN-3004-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3004-1"
},
{
"name": "USN-3001-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3001-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/162f98dea487206d9ab79fc12ed64700667a894d"
},
{
"name": "USN-3005-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3005-1"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "85425",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/85425"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=162f98dea487206d9ab79fc12ed64700667a894d"
},
{
"name": "USN-2997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "USN-3000-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3002-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3002-1"
},
{
"name": "USN-2996-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2989-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2989-1"
},
{
"name": "USN-3007-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3007-1"
},
{
"name": "USN-3003-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3003-1"
},
{
"name": "USN-2998-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2998-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317017"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2187",
"datePublished": "2016-05-02T10:00:00",
"dateReserved": "2016-01-29T00:00:00",
"dateUpdated": "2024-08-05T23:24:48.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}