Search

Find a vulnerability

Search criteria

    66 vulnerabilities found for suse_linux_enterprise_real_time_extension by novell

    CVE-2016-4997 (GCVE-0-2016-4997)

    Vulnerability from nvd – Published: 2016-07-03 21:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3017-1 vendor-advisoryx_refsource_UBUNTU
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3017-3 vendor-advisoryx_refsource_UBUNTU
    http://rhn.redhat.com/errata/RHSA-2016-1847.html vendor-advisoryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=1349722 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3018-2 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3017-2 vendor-advisoryx_refsource_UBUNTU
    http://rhn.redhat.com/errata/RHSA-2016-1875.html vendor-advisoryx_refsource_REDHAT
    http://www.ubuntu.com/usn/USN-3019-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.debian.org/security/2016/dsa-3607 vendor-advisoryx_refsource_DEBIAN
    http://www.ubuntu.com/usn/USN-3016-2 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3016-1 vendor-advisoryx_refsource_UBUNTU
    http://www.openwall.com/lists/oss-security/2016/06/24/5 mailing-listx_refsource_MLIST
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://www.exploit-db.com/exploits/40435/ exploitx_refsource_EXPLOIT-DB
    https://github.com/torvalds/linux/commit/ce683e5f… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-3018-1 vendor-advisoryx_refsource_UBUNTU
    http://www.securitytracker.com/id/1036171 vdb-entryx_refsource_SECTRACK
    https://www.exploit-db.com/exploits/40489/ exploitx_refsource_EXPLOIT-DB
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2016-1883.html vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3016-3 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.openwall.com/lists/oss-security/2016/0… mailing-listx_refsource_MLIST
    http://www.ubuntu.com/usn/USN-3016-4 vendor-advisoryx_refsource_UBUNTU
    http://www.securityfocus.com/bid/91451 vdb-entryx_refsource_BID
    http://www.kernel.org/pub/linux/kernel/v4.x/Chang… x_refsource_CONFIRM
    http://git.kernel.org/cgit/linux/kernel/git/torva… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-3020-1 vendor-advisoryx_refsource_UBUNTU
    https://github.com/nccgroup/TriforceLinuxSyscallF… x_refsource_MISC
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    Date Public
    2016-06-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:40.226Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2016:2180",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
              },
              {
                "name": "SUSE-SU-2016:1709",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00060.html"
              },
              {
                "name": "USN-3017-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3017-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
              },
              {
                "name": "SUSE-SU-2016:1985",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
              },
              {
                "name": "USN-3017-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3017-3"
              },
              {
                "name": "RHSA-2016:1847",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1847.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349722"
              },
              {
                "name": "openSUSE-SU-2016:2184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
              },
              {
                "name": "USN-3018-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3018-2"
              },
              {
                "name": "SUSE-SU-2016:2174",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html"
              },
              {
                "name": "USN-3017-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3017-2"
              },
              {
                "name": "RHSA-2016:1875",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1875.html"
              },
              {
                "name": "USN-3019-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3019-1"
              },
              {
                "name": "SUSE-SU-2016:2018",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html"
              },
              {
                "name": "DSA-3607",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3607"
              },
              {
                "name": "USN-3016-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3016-2"
              },
              {
                "name": "USN-3016-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3016-1"
              },
              {
                "name": "[oss-security] 20160624 Linux CVE-2016-4997 (local privilege escalation) and CVE-2016-4998 (out of bounds memory access)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/06/24/5"
              },
              {
                "name": "SUSE-SU-2016:2181",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html"
              },
              {
                "name": "SUSE-SU-2016:2178",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html"
              },
              {
                "name": "40435",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/40435/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/ce683e5f9d045e5d67d1312a42b359cb2ab2a13c"
              },
              {
                "name": "USN-3018-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3018-1"
              },
              {
                "name": "1036171",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036171"
              },
              {
                "name": "40489",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/40489/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
              },
              {
                "name": "SUSE-SU-2016:2177",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html"
              },
              {
                "name": "RHSA-2016:1883",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1883.html"
              },
              {
                "name": "SUSE-SU-2016:2179",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html"
              },
              {
                "name": "SUSE-SU-2016:2105",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
              },
              {
                "name": "USN-3016-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3016-3"
              },
              {
                "name": "SUSE-SU-2016:1710",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00061.html"
              },
              {
                "name": "[oss-security] 20160929 CVE request - Linux kernel through 4.6.2 allows escalade privileges via IP6T_SO_SET_REPLACE compat setsockopt call",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/09/29/10"
              },
              {
                "name": "USN-3016-4",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3016-4"
              },
              {
                "name": "91451",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91451"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce683e5f9d045e5d67d1312a42b359cb2ab2a13c"
              },
              {
                "name": "USN-3020-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3020-1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/nccgroup/TriforceLinuxSyscallFuzzer/tree/master/crash_reports/report_compatIpt"
              },
              {
                "name": "SUSE-SU-2016:1937",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "SUSE-SU-2016:2180",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "SUSE-SU-2016:1709",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00060.html"
            },
            {
              "name": "USN-3017-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3017-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
            },
            {
              "name": "SUSE-SU-2016:1985",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
            },
            {
              "name": "USN-3017-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3017-3"
            },
            {
              "name": "RHSA-2016:1847",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1847.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349722"
            },
            {
              "name": "openSUSE-SU-2016:2184",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
            },
            {
              "name": "USN-3018-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3018-2"
            },
            {
              "name": "SUSE-SU-2016:2174",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html"
            },
            {
              "name": "USN-3017-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3017-2"
            },
            {
              "name": "RHSA-2016:1875",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1875.html"
            },
            {
              "name": "USN-3019-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3019-1"
            },
            {
              "name": "SUSE-SU-2016:2018",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html"
            },
            {
              "name": "DSA-3607",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3607"
            },
            {
              "name": "USN-3016-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3016-2"
            },
            {
              "name": "USN-3016-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3016-1"
            },
            {
              "name": "[oss-security] 20160624 Linux CVE-2016-4997 (local privilege escalation) and CVE-2016-4998 (out of bounds memory access)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/06/24/5"
            },
            {
              "name": "SUSE-SU-2016:2181",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html"
            },
            {
              "name": "SUSE-SU-2016:2178",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html"
            },
            {
              "name": "40435",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/40435/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/ce683e5f9d045e5d67d1312a42b359cb2ab2a13c"
            },
            {
              "name": "USN-3018-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3018-1"
            },
            {
              "name": "1036171",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036171"
            },
            {
              "name": "40489",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/40489/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
            },
            {
              "name": "SUSE-SU-2016:2177",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html"
            },
            {
              "name": "RHSA-2016:1883",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1883.html"
            },
            {
              "name": "SUSE-SU-2016:2179",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html"
            },
            {
              "name": "SUSE-SU-2016:2105",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
            },
            {
              "name": "USN-3016-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3016-3"
            },
            {
              "name": "SUSE-SU-2016:1710",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00061.html"
            },
            {
              "name": "[oss-security] 20160929 CVE request - Linux kernel through 4.6.2 allows escalade privileges via IP6T_SO_SET_REPLACE compat setsockopt call",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/09/29/10"
            },
            {
              "name": "USN-3016-4",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3016-4"
            },
            {
              "name": "91451",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91451"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce683e5f9d045e5d67d1312a42b359cb2ab2a13c"
            },
            {
              "name": "USN-3020-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3020-1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nccgroup/TriforceLinuxSyscallFuzzer/tree/master/crash_reports/report_compatIpt"
            },
            {
              "name": "SUSE-SU-2016:1937",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-4997",
        "datePublished": "2016-07-03T21:00:00.000Z",
        "dateReserved": "2016-05-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:40.226Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-5829 (GCVE-0-2016-5829)

    Vulnerability from nvd – Published: 2016-06-27 10:00 – Updated: 2024-08-06 01:15
    VLAI
    Summary
    Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-3070-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/bid/91450 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2016-2584.html vendor-advisoryx_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2016-2574.html vendor-advisoryx_refsource_REDHAT
    http://www.ubuntu.com/usn/USN-3070-3 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://git.kernel.org/cgit/linux/kernel/git/torva… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-2006.html vendor-advisoryx_refsource_REDHAT
    http://www.ubuntu.com/usn/USN-3070-2 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3071-1 vendor-advisoryx_refsource_UBUNTU
    http://www.debian.org/security/2016/dsa-3616 vendor-advisoryx_refsource_DEBIAN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3070-4 vendor-advisoryx_refsource_UBUNTU
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://github.com/torvalds/linux/commit/93a2001b… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.openwall.com/lists/oss-security/2016/06/26/2 mailing-listx_refsource_MLIST
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3072-2 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3072-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3071-2 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    Date Public
    2016-06-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:15:10.765Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-3070-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3070-1"
              },
              {
                "name": "SUSE-SU-2016:2180",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
              },
              {
                "name": "SUSE-SU-2016:1985",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
              },
              {
                "name": "openSUSE-SU-2016:2184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
              },
              {
                "name": "91450",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91450"
              },
              {
                "name": "SUSE-SU-2016:2174",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html"
              },
              {
                "name": "RHSA-2016:2584",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
              },
              {
                "name": "RHSA-2016:2574",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
              },
              {
                "name": "USN-3070-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3070-3"
              },
              {
                "name": "SUSE-SU-2016:2018",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93a2001bdfd5376c3dc2158653034c20392d15c5"
              },
              {
                "name": "RHSA-2016:2006",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2006.html"
              },
              {
                "name": "USN-3070-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3070-2"
              },
              {
                "name": "SUSE-SU-2016:2181",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html"
              },
              {
                "name": "SUSE-SU-2016:2178",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html"
              },
              {
                "name": "USN-3071-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3071-1"
              },
              {
                "name": "DSA-3616",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3616"
              },
              {
                "name": "SUSE-SU-2016:2175",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00049.html"
              },
              {
                "name": "USN-3070-4",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3070-4"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
              },
              {
                "name": "SUSE-SU-2016:2177",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/93a2001bdfd5376c3dc2158653034c20392d15c5"
              },
              {
                "name": "SUSE-SU-2016:2179",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html"
              },
              {
                "name": "[oss-security] 20160626 Re: CVE Request: Linux kernel HID: hiddev buffer overflows",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/06/26/2"
              },
              {
                "name": "SUSE-SU-2016:2105",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
              },
              {
                "name": "USN-3072-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3072-2"
              },
              {
                "name": "USN-3072-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3072-1"
              },
              {
                "name": "USN-3071-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3071-2"
              },
              {
                "name": "SUSE-SU-2016:1937",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-3070-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3070-1"
            },
            {
              "name": "SUSE-SU-2016:2180",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
            },
            {
              "name": "SUSE-SU-2016:1985",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
            },
            {
              "name": "openSUSE-SU-2016:2184",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
            },
            {
              "name": "91450",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91450"
            },
            {
              "name": "SUSE-SU-2016:2174",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html"
            },
            {
              "name": "RHSA-2016:2584",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
            },
            {
              "name": "RHSA-2016:2574",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
            },
            {
              "name": "USN-3070-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3070-3"
            },
            {
              "name": "SUSE-SU-2016:2018",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93a2001bdfd5376c3dc2158653034c20392d15c5"
            },
            {
              "name": "RHSA-2016:2006",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2006.html"
            },
            {
              "name": "USN-3070-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3070-2"
            },
            {
              "name": "SUSE-SU-2016:2181",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html"
            },
            {
              "name": "SUSE-SU-2016:2178",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html"
            },
            {
              "name": "USN-3071-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3071-1"
            },
            {
              "name": "DSA-3616",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3616"
            },
            {
              "name": "SUSE-SU-2016:2175",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00049.html"
            },
            {
              "name": "USN-3070-4",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3070-4"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
            },
            {
              "name": "SUSE-SU-2016:2177",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/93a2001bdfd5376c3dc2158653034c20392d15c5"
            },
            {
              "name": "SUSE-SU-2016:2179",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html"
            },
            {
              "name": "[oss-security] 20160626 Re: CVE Request: Linux kernel HID: hiddev buffer overflows",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/06/26/2"
            },
            {
              "name": "SUSE-SU-2016:2105",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
            },
            {
              "name": "USN-3072-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3072-2"
            },
            {
              "name": "USN-3072-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3072-1"
            },
            {
              "name": "USN-3071-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3071-2"
            },
            {
              "name": "SUSE-SU-2016:1937",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-5829",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-3070-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3070-1"
                },
                {
                  "name": "SUSE-SU-2016:2180",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
                },
                {
                  "name": "SUSE-SU-2016:1985",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
                },
                {
                  "name": "openSUSE-SU-2016:2184",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
                },
                {
                  "name": "91450",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/91450"
                },
                {
                  "name": "SUSE-SU-2016:2174",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html"
                },
                {
                  "name": "RHSA-2016:2584",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
                },
                {
                  "name": "RHSA-2016:2574",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
                },
                {
                  "name": "USN-3070-3",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3070-3"
                },
                {
                  "name": "SUSE-SU-2016:2018",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html"
                },
                {
                  "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93a2001bdfd5376c3dc2158653034c20392d15c5",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93a2001bdfd5376c3dc2158653034c20392d15c5"
                },
                {
                  "name": "RHSA-2016:2006",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-2006.html"
                },
                {
                  "name": "USN-3070-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3070-2"
                },
                {
                  "name": "SUSE-SU-2016:2181",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html"
                },
                {
                  "name": "SUSE-SU-2016:2178",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html"
                },
                {
                  "name": "USN-3071-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3071-1"
                },
                {
                  "name": "DSA-3616",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3616"
                },
                {
                  "name": "SUSE-SU-2016:2175",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00049.html"
                },
                {
                  "name": "USN-3070-4",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3070-4"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
                },
                {
                  "name": "SUSE-SU-2016:2177",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/93a2001bdfd5376c3dc2158653034c20392d15c5",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/93a2001bdfd5376c3dc2158653034c20392d15c5"
                },
                {
                  "name": "SUSE-SU-2016:2179",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html"
                },
                {
                  "name": "[oss-security] 20160626 Re: CVE Request: Linux kernel HID: hiddev buffer overflows",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/06/26/2"
                },
                {
                  "name": "SUSE-SU-2016:2105",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
                },
                {
                  "name": "USN-3072-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3072-2"
                },
                {
                  "name": "USN-3072-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3072-1"
                },
                {
                  "name": "USN-3071-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3071-2"
                },
                {
                  "name": "SUSE-SU-2016:1937",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-5829",
        "datePublished": "2016-06-27T10:00:00.000Z",
        "dateReserved": "2016-06-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:15:10.765Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-5828 (GCVE-0-2016-5828)

    Vulnerability from nvd – Published: 2016-06-27 10:00 – Updated: 2024-08-06 01:15
    VLAI
    Summary
    The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-3070-1 vendor-advisoryx_refsource_UBUNTU
    http://www.openwall.com/lists/oss-security/2016/06/25/7 mailing-listx_refsource_MLIST
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://patchwork.ozlabs.org/patch/636776/ x_refsource_MISC
    http://rhn.redhat.com/errata/RHSA-2016-2574.html vendor-advisoryx_refsource_REDHAT
    http://www.ubuntu.com/usn/USN-3070-3 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3070-2 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3071-1 vendor-advisoryx_refsource_UBUNTU
    http://www.debian.org/security/2016/dsa-3616 vendor-advisoryx_refsource_DEBIAN
    http://www.ubuntu.com/usn/USN-3070-4 vendor-advisoryx_refsource_UBUNTU
    http://www.securityfocus.com/bid/91415 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3071-2 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    Date Public
    2016-06-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:15:10.708Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-3070-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3070-1"
              },
              {
                "name": "[oss-security] 20160625 Re: CVE Request: Linux: powerpc/tm: Always reclaim in start_thread() for exec() class syscalls - Linux kernel",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/06/25/7"
              },
              {
                "name": "openSUSE-SU-2016:2184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://patchwork.ozlabs.org/patch/636776/"
              },
              {
                "name": "RHSA-2016:2574",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
              },
              {
                "name": "USN-3070-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3070-3"
              },
              {
                "name": "USN-3070-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3070-2"
              },
              {
                "name": "USN-3071-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3071-1"
              },
              {
                "name": "DSA-3616",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3616"
              },
              {
                "name": "USN-3070-4",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3070-4"
              },
              {
                "name": "91415",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91415"
              },
              {
                "name": "SUSE-SU-2016:2105",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
              },
              {
                "name": "USN-3071-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3071-2"
              },
              {
                "name": "SUSE-SU-2016:1937",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-3070-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3070-1"
            },
            {
              "name": "[oss-security] 20160625 Re: CVE Request: Linux: powerpc/tm: Always reclaim in start_thread() for exec() class syscalls - Linux kernel",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/06/25/7"
            },
            {
              "name": "openSUSE-SU-2016:2184",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://patchwork.ozlabs.org/patch/636776/"
            },
            {
              "name": "RHSA-2016:2574",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
            },
            {
              "name": "USN-3070-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3070-3"
            },
            {
              "name": "USN-3070-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3070-2"
            },
            {
              "name": "USN-3071-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3071-1"
            },
            {
              "name": "DSA-3616",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3616"
            },
            {
              "name": "USN-3070-4",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3070-4"
            },
            {
              "name": "91415",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91415"
            },
            {
              "name": "SUSE-SU-2016:2105",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
            },
            {
              "name": "USN-3071-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3071-2"
            },
            {
              "name": "SUSE-SU-2016:1937",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-5828",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-3070-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3070-1"
                },
                {
                  "name": "[oss-security] 20160625 Re: CVE Request: Linux: powerpc/tm: Always reclaim in start_thread() for exec() class syscalls - Linux kernel",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/06/25/7"
                },
                {
                  "name": "openSUSE-SU-2016:2184",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
                },
                {
                  "name": "https://patchwork.ozlabs.org/patch/636776/",
                  "refsource": "MISC",
                  "url": "https://patchwork.ozlabs.org/patch/636776/"
                },
                {
                  "name": "RHSA-2016:2574",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
                },
                {
                  "name": "USN-3070-3",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3070-3"
                },
                {
                  "name": "USN-3070-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3070-2"
                },
                {
                  "name": "USN-3071-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3071-1"
                },
                {
                  "name": "DSA-3616",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3616"
                },
                {
                  "name": "USN-3070-4",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3070-4"
                },
                {
                  "name": "91415",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/91415"
                },
                {
                  "name": "SUSE-SU-2016:2105",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
                },
                {
                  "name": "USN-3071-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3071-2"
                },
                {
                  "name": "SUSE-SU-2016:1937",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-5828",
        "datePublished": "2016-06-27T10:00:00.000Z",
        "dateReserved": "2016-06-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:15:10.708Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4470 (GCVE-0-2016-4470)

    Vulnerability from nvd – Published: 2016-06-27 10:00 – Updated: 2024-08-06 00:32
    VLAI
    Summary
    The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3054-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2016-1657.html vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-3051-1 vendor-advisoryx_refsource_UBUNTU
    http://rhn.redhat.com/errata/RHSA-2016-2128.html vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2016-2133.html vendor-advisoryx_refsource_REDHAT
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3053-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3055-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3056-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3052-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3049-1 vendor-advisoryx_refsource_UBUNTU
    http://rhn.redhat.com/errata/RHSA-2016-1541.html vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.debian.org/security/2016/dsa-3607 vendor-advisoryx_refsource_DEBIAN
    http://rhn.redhat.com/errata/RHSA-2016-1539.html vendor-advisoryx_refsource_REDHAT
    http://www.securitytracker.com/id/1036763 vdb-entryx_refsource_SECTRACK
    http://rhn.redhat.com/errata/RHSA-2016-1532.html vendor-advisoryx_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2016-2006.html vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://git.kernel.org/cgit/linux/kernel/git/torva… x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2016/0… mailing-listx_refsource_MLIST
    https://bugzilla.redhat.com/show_bug.cgi?id=1341716 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-3050-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2016-2076.html vendor-advisoryx_refsource_REDHAT
    http://www.ubuntu.com/usn/USN-3057-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2016-2074.html vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://github.com/torvalds/linux/commit/38327424… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    Date Public
    2016-06-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:32:25.328Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
              },
              {
                "name": "SUSE-SU-2016:2010",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
              },
              {
                "name": "SUSE-SU-2016:2011",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html"
              },
              {
                "name": "USN-3054-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3054-1"
              },
              {
                "name": "SUSE-SU-2016:2003",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html"
              },
              {
                "name": "RHSA-2016:1657",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1657.html"
              },
              {
                "name": "SUSE-SU-2016:1994",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
              },
              {
                "name": "USN-3051-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3051-1"
              },
              {
                "name": "RHSA-2016:2128",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2128.html"
              },
              {
                "name": "SUSE-SU-2016:1961",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
              },
              {
                "name": "RHSA-2016:2133",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2133.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
              },
              {
                "name": "SUSE-SU-2016:2001",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
              },
              {
                "name": "SUSE-SU-2016:1985",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
              },
              {
                "name": "USN-3053-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3053-1"
              },
              {
                "name": "openSUSE-SU-2016:2184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
              },
              {
                "name": "SUSE-SU-2016:1998",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00012.html"
              },
              {
                "name": "USN-3055-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3055-1"
              },
              {
                "name": "SUSE-SU-2016:2006",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
              },
              {
                "name": "USN-3056-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3056-1"
              },
              {
                "name": "USN-3052-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3052-1"
              },
              {
                "name": "USN-3049-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3049-1"
              },
              {
                "name": "RHSA-2016:1541",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1541.html"
              },
              {
                "name": "SUSE-SU-2016:2014",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
              },
              {
                "name": "SUSE-SU-2016:2018",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html"
              },
              {
                "name": "DSA-3607",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3607"
              },
              {
                "name": "RHSA-2016:1539",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1539.html"
              },
              {
                "name": "1036763",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036763"
              },
              {
                "name": "RHSA-2016:1532",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1532.html"
              },
              {
                "name": "RHSA-2016:2006",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2006.html"
              },
              {
                "name": "SUSE-SU-2016:2009",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a"
              },
              {
                "name": "[oss-security] 20160615 CVE-2016-4470: Linux kernel Uninitialized variable in request_key handling user controlled kfree().",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/06/15/11"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341716"
              },
              {
                "name": "USN-3050-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3050-1"
              },
              {
                "name": "SUSE-SU-2016:2005",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
              },
              {
                "name": "SUSE-SU-2016:2007",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
              },
              {
                "name": "SUSE-SU-2016:1999",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00013.html"
              },
              {
                "name": "SUSE-SU-2016:2000",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
              },
              {
                "name": "RHSA-2016:2076",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2076.html"
              },
              {
                "name": "USN-3057-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3057-1"
              },
              {
                "name": "SUSE-SU-2016:1995",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
              },
              {
                "name": "RHSA-2016:2074",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2074.html"
              },
              {
                "name": "SUSE-SU-2016:2105",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
              },
              {
                "name": "SUSE-SU-2016:2002",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a"
              },
              {
                "name": "SUSE-SU-2016:1937",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "SUSE-SU-2016:2010",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
            },
            {
              "name": "SUSE-SU-2016:2011",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html"
            },
            {
              "name": "USN-3054-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3054-1"
            },
            {
              "name": "SUSE-SU-2016:2003",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html"
            },
            {
              "name": "RHSA-2016:1657",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1657.html"
            },
            {
              "name": "SUSE-SU-2016:1994",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "USN-3051-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3051-1"
            },
            {
              "name": "RHSA-2016:2128",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2128.html"
            },
            {
              "name": "SUSE-SU-2016:1961",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
            },
            {
              "name": "RHSA-2016:2133",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2133.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
            },
            {
              "name": "SUSE-SU-2016:2001",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
            },
            {
              "name": "SUSE-SU-2016:1985",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
            },
            {
              "name": "USN-3053-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3053-1"
            },
            {
              "name": "openSUSE-SU-2016:2184",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
            },
            {
              "name": "SUSE-SU-2016:1998",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00012.html"
            },
            {
              "name": "USN-3055-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3055-1"
            },
            {
              "name": "SUSE-SU-2016:2006",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
            },
            {
              "name": "USN-3056-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3056-1"
            },
            {
              "name": "USN-3052-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3052-1"
            },
            {
              "name": "USN-3049-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3049-1"
            },
            {
              "name": "RHSA-2016:1541",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1541.html"
            },
            {
              "name": "SUSE-SU-2016:2014",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
            },
            {
              "name": "SUSE-SU-2016:2018",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html"
            },
            {
              "name": "DSA-3607",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3607"
            },
            {
              "name": "RHSA-2016:1539",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1539.html"
            },
            {
              "name": "1036763",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036763"
            },
            {
              "name": "RHSA-2016:1532",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1532.html"
            },
            {
              "name": "RHSA-2016:2006",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2006.html"
            },
            {
              "name": "SUSE-SU-2016:2009",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a"
            },
            {
              "name": "[oss-security] 20160615 CVE-2016-4470: Linux kernel Uninitialized variable in request_key handling user controlled kfree().",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/06/15/11"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341716"
            },
            {
              "name": "USN-3050-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3050-1"
            },
            {
              "name": "SUSE-SU-2016:2005",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
            },
            {
              "name": "SUSE-SU-2016:2007",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
            },
            {
              "name": "SUSE-SU-2016:1999",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00013.html"
            },
            {
              "name": "SUSE-SU-2016:2000",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
            },
            {
              "name": "RHSA-2016:2076",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2076.html"
            },
            {
              "name": "USN-3057-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3057-1"
            },
            {
              "name": "SUSE-SU-2016:1995",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
            },
            {
              "name": "RHSA-2016:2074",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2074.html"
            },
            {
              "name": "SUSE-SU-2016:2105",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
            },
            {
              "name": "SUSE-SU-2016:2002",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a"
            },
            {
              "name": "SUSE-SU-2016:1937",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-4470",
        "datePublished": "2016-06-27T10:00:00.000Z",
        "dateReserved": "2016-05-02T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:32:25.328Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3707 (GCVE-0-2016-3707)

    Vulnerability from nvd – Published: 2016-06-27 10:00 – Updated: 2024-08-06 00:03
    VLAI
    Summary
    The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-05-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:03:34.462Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2016:1341",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1341"
              },
              {
                "name": "SUSE-SU-2016:1985",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
              },
              {
                "name": "RHSA-2016:1301",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1301"
              },
              {
                "name": "[oss-security] 20160517 CVE-2016-3707 : kernel-rt - Sending SysRq command via ICMP echo request",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/05/17/1"
              },
              {
                "name": "SUSE-SU-2016:1764",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327484"
              },
              {
                "name": "SUSE-SU-2016:1937",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-25T20:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2016:1341",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1341"
            },
            {
              "name": "SUSE-SU-2016:1985",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
            },
            {
              "name": "RHSA-2016:1301",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1301"
            },
            {
              "name": "[oss-security] 20160517 CVE-2016-3707 : kernel-rt - Sending SysRq command via ICMP echo request",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/05/17/1"
            },
            {
              "name": "SUSE-SU-2016:1764",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327484"
            },
            {
              "name": "SUSE-SU-2016:1937",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-3707",
        "datePublished": "2016-06-27T10:00:00.000Z",
        "dateReserved": "2016-03-30T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:03:34.462Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-9904 (GCVE-0-2014-9904)

    Vulnerability from nvd – Published: 2016-06-27 10:00 – Updated: 2024-08-06 14:02
    VLAI
    Summary
    The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-07-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T14:02:37.888Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "openSUSE-SU-2016:2184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
              },
              {
                "name": "1036189",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036189"
              },
              {
                "name": "91510",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91510"
              },
              {
                "name": "DSA-3616",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3616"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/6217e5ede23285ddfee10d2e4ba0cc2d4c046205"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6217e5ede23285ddfee10d2e4ba0cc2d4c046205"
              },
              {
                "name": "SUSE-SU-2016:2105",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
              },
              {
                "name": "SUSE-SU-2016:1937",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-07-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-31T09:57:01.000Z",
            "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
            "shortName": "google_android"
          },
          "references": [
            {
              "name": "openSUSE-SU-2016:2184",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
            },
            {
              "name": "1036189",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036189"
            },
            {
              "name": "91510",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91510"
            },
            {
              "name": "DSA-3616",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3616"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/6217e5ede23285ddfee10d2e4ba0cc2d4c046205"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6217e5ede23285ddfee10d2e4ba0cc2d4c046205"
            },
            {
              "name": "SUSE-SU-2016:2105",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
            },
            {
              "name": "SUSE-SU-2016:1937",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@android.com",
              "ID": "CVE-2014-9904",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "openSUSE-SU-2016:2184",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
                },
                {
                  "name": "1036189",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036189"
                },
                {
                  "name": "91510",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/91510"
                },
                {
                  "name": "DSA-3616",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3616"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/6217e5ede23285ddfee10d2e4ba0cc2d4c046205",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/6217e5ede23285ddfee10d2e4ba0cc2d4c046205"
                },
                {
                  "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6217e5ede23285ddfee10d2e4ba0cc2d4c046205",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6217e5ede23285ddfee10d2e4ba0cc2d4c046205"
                },
                {
                  "name": "SUSE-SU-2016:2105",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
                },
                {
                  "name": "SUSE-SU-2016:1937",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "assignerShortName": "google_android",
        "cveId": "CVE-2014-9904",
        "datePublished": "2016-06-27T10:00:00.000Z",
        "dateReserved": "2016-06-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T14:02:37.888Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4805 (GCVE-0-2016-4805)

    Vulnerability from nvd – Published: 2016-05-23 10:00 – Updated: 2024-08-06 00:39
    VLAI
    Summary
    Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-04-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:39:26.273Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2016:1690",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
              },
              {
                "name": "SUSE-SU-2016:1985",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
              },
              {
                "name": "openSUSE-SU-2016:2184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
              },
              {
                "name": "USN-3021-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3021-2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/1f461dcdd296eecedaffffc6bae2bfa90bd7eb89"
              },
              {
                "name": "openSUSE-SU-2016:1641",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
              },
              {
                "name": "DSA-3607",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3607"
              },
              {
                "name": "1036763",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036763"
              },
              {
                "name": "[oss-security] 20160515 Re: CVE Requests: Linux: use-after-free issue for ppp channel",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/05/15/2"
              },
              {
                "name": "SUSE-SU-2016:1672",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
              },
              {
                "name": "USN-3021-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3021-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335803"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
              },
              {
                "name": "SUSE-SU-2016:2105",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
              },
              {
                "name": "90605",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/90605"
              },
              {
                "name": "SUSE-SU-2016:1937",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-12T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SU-2016:1690",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "SUSE-SU-2016:1985",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
            },
            {
              "name": "openSUSE-SU-2016:2184",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
            },
            {
              "name": "USN-3021-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3021-2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/1f461dcdd296eecedaffffc6bae2bfa90bd7eb89"
            },
            {
              "name": "openSUSE-SU-2016:1641",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
            },
            {
              "name": "DSA-3607",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3607"
            },
            {
              "name": "1036763",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036763"
            },
            {
              "name": "[oss-security] 20160515 Re: CVE Requests: Linux: use-after-free issue for ppp channel",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/05/15/2"
            },
            {
              "name": "SUSE-SU-2016:1672",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
            },
            {
              "name": "USN-3021-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3021-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335803"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
            },
            {
              "name": "SUSE-SU-2016:2105",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
            },
            {
              "name": "90605",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/90605"
            },
            {
              "name": "SUSE-SU-2016:1937",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-4805",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2016:1690",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
                },
                {
                  "name": "SUSE-SU-2016:1985",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
                },
                {
                  "name": "openSUSE-SU-2016:2184",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
                },
                {
                  "name": "USN-3021-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3021-2"
                },
                {
                  "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/1f461dcdd296eecedaffffc6bae2bfa90bd7eb89",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/1f461dcdd296eecedaffffc6bae2bfa90bd7eb89"
                },
                {
                  "name": "openSUSE-SU-2016:1641",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
                },
                {
                  "name": "DSA-3607",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3607"
                },
                {
                  "name": "1036763",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036763"
                },
                {
                  "name": "[oss-security] 20160515 Re: CVE Requests: Linux: use-after-free issue for ppp channel",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/05/15/2"
                },
                {
                  "name": "SUSE-SU-2016:1672",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
                },
                {
                  "name": "USN-3021-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3021-1"
                },
                {
                  "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2",
                  "refsource": "CONFIRM",
                  "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1335803",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335803"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
                },
                {
                  "name": "SUSE-SU-2016:2105",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
                },
                {
                  "name": "90605",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/90605"
                },
                {
                  "name": "SUSE-SU-2016:1937",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-4805",
        "datePublished": "2016-05-23T10:00:00.000Z",
        "dateReserved": "2016-05-15T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:39:26.273Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4569 (GCVE-0-2016-4569)

    Vulnerability from nvd – Published: 2016-05-23 10:00 – Updated: 2024-08-06 00:32
    VLAI
    Summary
    The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3017-1 vendor-advisoryx_refsource_UBUNTU
    http://git.kernel.org/cgit/linux/kernel/git/torva… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.openwall.com/lists/oss-security/2016/0… mailing-listx_refsource_MLIST
    http://www.ubuntu.com/usn/USN-3017-3 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3018-2 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3021-2 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3017-2 vendor-advisoryx_refsource_UBUNTU
    http://rhn.redhat.com/errata/RHSA-2016-2584.html vendor-advisoryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=1334643 x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-2574.html vendor-advisoryx_refsource_REDHAT
    http://www.ubuntu.com/usn/USN-3019-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://github.com/torvalds/linux/commit/cec8f96e… x_refsource_CONFIRM
    http://www.debian.org/security/2016/dsa-3607 vendor-advisoryx_refsource_DEBIAN
    http://www.ubuntu.com/usn/USN-3016-2 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3016-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3021-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3018-1 vendor-advisoryx_refsource_UBUNTU
    http://www.securityfocus.com/bid/90347 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3016-3 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3016-4 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3020-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    Date Public
    2016-05-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:32:26.040Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2016:1690",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
              },
              {
                "name": "SUSE-SU-2016:1696",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
              },
              {
                "name": "USN-3017-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3017-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e"
              },
              {
                "name": "SUSE-SU-2016:1985",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
              },
              {
                "name": "[oss-security] 20160509 Re: CVE Request: kernel information leak vulnerability in Linux sound module",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/05/09/17"
              },
              {
                "name": "USN-3017-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3017-3"
              },
              {
                "name": "openSUSE-SU-2016:2184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
              },
              {
                "name": "USN-3018-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3018-2"
              },
              {
                "name": "USN-3021-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3021-2"
              },
              {
                "name": "USN-3017-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3017-2"
              },
              {
                "name": "RHSA-2016:2584",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334643"
              },
              {
                "name": "RHSA-2016:2574",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
              },
              {
                "name": "USN-3019-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3019-1"
              },
              {
                "name": "openSUSE-SU-2016:1641",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/cec8f96e49d9be372fdb0c3836dcf31ec71e457e"
              },
              {
                "name": "DSA-3607",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3607"
              },
              {
                "name": "USN-3016-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3016-2"
              },
              {
                "name": "USN-3016-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3016-1"
              },
              {
                "name": "SUSE-SU-2016:1672",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
              },
              {
                "name": "USN-3021-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3021-1"
              },
              {
                "name": "USN-3018-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3018-1"
              },
              {
                "name": "90347",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/90347"
              },
              {
                "name": "SUSE-SU-2016:2105",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
              },
              {
                "name": "USN-3016-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3016-3"
              },
              {
                "name": "USN-3016-4",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3016-4"
              },
              {
                "name": "USN-3020-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3020-1"
              },
              {
                "name": "SUSE-SU-2016:1937",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-05-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SU-2016:1690",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
            },
            {
              "name": "SUSE-SU-2016:1696",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
            },
            {
              "name": "USN-3017-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3017-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e"
            },
            {
              "name": "SUSE-SU-2016:1985",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
            },
            {
              "name": "[oss-security] 20160509 Re: CVE Request: kernel information leak vulnerability in Linux sound module",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/05/09/17"
            },
            {
              "name": "USN-3017-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3017-3"
            },
            {
              "name": "openSUSE-SU-2016:2184",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
            },
            {
              "name": "USN-3018-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3018-2"
            },
            {
              "name": "USN-3021-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3021-2"
            },
            {
              "name": "USN-3017-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3017-2"
            },
            {
              "name": "RHSA-2016:2584",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334643"
            },
            {
              "name": "RHSA-2016:2574",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
            },
            {
              "name": "USN-3019-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3019-1"
            },
            {
              "name": "openSUSE-SU-2016:1641",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/cec8f96e49d9be372fdb0c3836dcf31ec71e457e"
            },
            {
              "name": "DSA-3607",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3607"
            },
            {
              "name": "USN-3016-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3016-2"
            },
            {
              "name": "USN-3016-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3016-1"
            },
            {
              "name": "SUSE-SU-2016:1672",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
            },
            {
              "name": "USN-3021-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3021-1"
            },
            {
              "name": "USN-3018-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3018-1"
            },
            {
              "name": "90347",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/90347"
            },
            {
              "name": "SUSE-SU-2016:2105",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
            },
            {
              "name": "USN-3016-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3016-3"
            },
            {
              "name": "USN-3016-4",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3016-4"
            },
            {
              "name": "USN-3020-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3020-1"
            },
            {
              "name": "SUSE-SU-2016:1937",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-4569",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2016:1690",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
                },
                {
                  "name": "SUSE-SU-2016:1696",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
                },
                {
                  "name": "USN-3017-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3017-1"
                },
                {
                  "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e"
                },
                {
                  "name": "SUSE-SU-2016:1985",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
                },
                {
                  "name": "[oss-security] 20160509 Re: CVE Request: kernel information leak vulnerability in Linux sound module",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/05/09/17"
                },
                {
                  "name": "USN-3017-3",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3017-3"
                },
                {
                  "name": "openSUSE-SU-2016:2184",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
                },
                {
                  "name": "USN-3018-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3018-2"
                },
                {
                  "name": "USN-3021-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3021-2"
                },
                {
                  "name": "USN-3017-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3017-2"
                },
                {
                  "name": "RHSA-2016:2584",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1334643",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334643"
                },
                {
                  "name": "RHSA-2016:2574",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
                },
                {
                  "name": "USN-3019-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3019-1"
                },
                {
                  "name": "openSUSE-SU-2016:1641",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/cec8f96e49d9be372fdb0c3836dcf31ec71e457e",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/cec8f96e49d9be372fdb0c3836dcf31ec71e457e"
                },
                {
                  "name": "DSA-3607",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3607"
                },
                {
                  "name": "USN-3016-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3016-2"
                },
                {
                  "name": "USN-3016-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3016-1"
                },
                {
                  "name": "SUSE-SU-2016:1672",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
                },
                {
                  "name": "USN-3021-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3021-1"
                },
                {
                  "name": "USN-3018-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3018-1"
                },
                {
                  "name": "90347",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/90347"
                },
                {
                  "name": "SUSE-SU-2016:2105",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
                },
                {
                  "name": "USN-3016-3",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3016-3"
                },
                {
                  "name": "USN-3016-4",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3016-4"
                },
                {
                  "name": "USN-3020-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3020-1"
                },
                {
                  "name": "SUSE-SU-2016:1937",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-4569",
        "datePublished": "2016-05-23T10:00:00.000Z",
        "dateReserved": "2016-05-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:32:26.040Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4486 (GCVE-0-2016-4486)

    Vulnerability from nvd – Published: 2016-05-23 10:00 – Updated: 2024-08-06 00:32
    VLAI
    Summary
    The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3006-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3004-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3001-1 vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.redhat.com/show_bug.cgi?id=1333316 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://github.com/torvalds/linux/commit/5f8e4474… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/90051 vdb-entryx_refsource_BID
    http://www.ubuntu.com/usn/USN-3005-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://www.exploit-db.com/exploits/46006/ exploitx_refsource_EXPLOIT-DB
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2997-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3000-1 vendor-advisoryx_refsource_UBUNTU
    http://www.debian.org/security/2016/dsa-3607 vendor-advisoryx_refsource_DEBIAN
    http://www.ubuntu.com/usn/USN-3002-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2996-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2989-1 vendor-advisoryx_refsource_UBUNTU
    http://git.kernel.org/cgit/linux/kernel/git/torva… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-3007-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.kernel.org/pub/linux/kernel/v4.x/Chang… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-3003-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2998-1 vendor-advisoryx_refsource_UBUNTU
    http://www.openwall.com/lists/oss-security/2016/0… mailing-listx_refsource_MLIST
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    Date Public
    2016-05-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:32:25.246Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2016:1690",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
              },
              {
                "name": "USN-3006-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3006-1"
              },
              {
                "name": "USN-3004-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3004-1"
              },
              {
                "name": "USN-3001-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3001-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333316"
              },
              {
                "name": "SUSE-SU-2016:1696",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/5f8e44741f9f216e33736ea4ec65ca9ac03036e6"
              },
              {
                "name": "90051",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/90051"
              },
              {
                "name": "USN-3005-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3005-1"
              },
              {
                "name": "SUSE-SU-2016:1985",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
              },
              {
                "name": "openSUSE-SU-2016:2184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
              },
              {
                "name": "46006",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/46006/"
              },
              {
                "name": "openSUSE-SU-2016:1641",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
              },
              {
                "name": "USN-2997-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2997-1"
              },
              {
                "name": "USN-3000-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3000-1"
              },
              {
                "name": "DSA-3607",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3607"
              },
              {
                "name": "USN-3002-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3002-1"
              },
              {
                "name": "USN-2996-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2996-1"
              },
              {
                "name": "SUSE-SU-2016:1672",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
              },
              {
                "name": "USN-2989-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2989-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6"
              },
              {
                "name": "USN-3007-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3007-1"
              },
              {
                "name": "SUSE-SU-2016:2074",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"
              },
              {
                "name": "USN-3003-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3003-1"
              },
              {
                "name": "SUSE-SU-2016:2105",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
              },
              {
                "name": "USN-2998-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2998-1"
              },
              {
                "name": "[oss-security] 20160504 CVE Request: kernel information leak vulnerability in rtnetlink",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/05/04/27"
              },
              {
                "name": "SUSE-SU-2016:1937",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-05-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-20T10:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SU-2016:1690",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
            },
            {
              "name": "USN-3006-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3006-1"
            },
            {
              "name": "USN-3004-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3004-1"
            },
            {
              "name": "USN-3001-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3001-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333316"
            },
            {
              "name": "SUSE-SU-2016:1696",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/5f8e44741f9f216e33736ea4ec65ca9ac03036e6"
            },
            {
              "name": "90051",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/90051"
            },
            {
              "name": "USN-3005-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3005-1"
            },
            {
              "name": "SUSE-SU-2016:1985",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
            },
            {
              "name": "openSUSE-SU-2016:2184",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
            },
            {
              "name": "46006",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/46006/"
            },
            {
              "name": "openSUSE-SU-2016:1641",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
            },
            {
              "name": "USN-2997-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2997-1"
            },
            {
              "name": "USN-3000-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3000-1"
            },
            {
              "name": "DSA-3607",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3607"
            },
            {
              "name": "USN-3002-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3002-1"
            },
            {
              "name": "USN-2996-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2996-1"
            },
            {
              "name": "SUSE-SU-2016:1672",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
            },
            {
              "name": "USN-2989-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2989-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6"
            },
            {
              "name": "USN-3007-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3007-1"
            },
            {
              "name": "SUSE-SU-2016:2074",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"
            },
            {
              "name": "USN-3003-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3003-1"
            },
            {
              "name": "SUSE-SU-2016:2105",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
            },
            {
              "name": "USN-2998-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2998-1"
            },
            {
              "name": "[oss-security] 20160504 CVE Request: kernel information leak vulnerability in rtnetlink",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/05/04/27"
            },
            {
              "name": "SUSE-SU-2016:1937",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-4486",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2016:1690",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
                },
                {
                  "name": "USN-3006-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3006-1"
                },
                {
                  "name": "USN-3004-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3004-1"
                },
                {
                  "name": "USN-3001-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3001-1"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1333316",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333316"
                },
                {
                  "name": "SUSE-SU-2016:1696",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/5f8e44741f9f216e33736ea4ec65ca9ac03036e6",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/5f8e44741f9f216e33736ea4ec65ca9ac03036e6"
                },
                {
                  "name": "90051",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/90051"
                },
                {
                  "name": "USN-3005-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3005-1"
                },
                {
                  "name": "SUSE-SU-2016:1985",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
                },
                {
                  "name": "openSUSE-SU-2016:2184",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
                },
                {
                  "name": "46006",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/46006/"
                },
                {
                  "name": "openSUSE-SU-2016:1641",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
                },
                {
                  "name": "USN-2997-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2997-1"
                },
                {
                  "name": "USN-3000-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3000-1"
                },
                {
                  "name": "DSA-3607",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3607"
                },
                {
                  "name": "USN-3002-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3002-1"
                },
                {
                  "name": "USN-2996-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2996-1"
                },
                {
                  "name": "SUSE-SU-2016:1672",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
                },
                {
                  "name": "USN-2989-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2989-1"
                },
                {
                  "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6"
                },
                {
                  "name": "USN-3007-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3007-1"
                },
                {
                  "name": "SUSE-SU-2016:2074",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
                },
                {
                  "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5",
                  "refsource": "CONFIRM",
                  "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"
                },
                {
                  "name": "USN-3003-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3003-1"
                },
                {
                  "name": "SUSE-SU-2016:2105",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
                },
                {
                  "name": "USN-2998-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2998-1"
                },
                {
                  "name": "[oss-security] 20160504 CVE Request: kernel information leak vulnerability in rtnetlink",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/05/04/27"
                },
                {
                  "name": "SUSE-SU-2016:1937",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-4486",
        "datePublished": "2016-05-23T10:00:00.000Z",
        "dateReserved": "2016-05-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:32:25.246Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4482 (GCVE-0-2016-4482)

    Vulnerability from nvd – Published: 2016-05-23 10:00 – Updated: 2024-08-06 00:32
    VLAI
    Summary
    The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/bid/90029 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://bugzilla.redhat.com/show_bug.cgi?id=1332931 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-3017-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3017-3 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3018-2 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3021-2 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3017-2 vendor-advisoryx_refsource_UBUNTU
    http://git.kernel.org/cgit/linux/kernel/git/torva… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-3019-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.debian.org/security/2016/dsa-3607 vendor-advisoryx_refsource_DEBIAN
    http://www.ubuntu.com/usn/USN-3016-2 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3016-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3021-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3018-1 vendor-advisoryx_refsource_UBUNTU
    http://www.openwall.com/lists/oss-security/2016/05/04/2 mailing-listx_refsource_MLIST
    https://github.com/torvalds/linux/commit/681fef83… x_refsource_CONFIRM
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3016-3 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3016-4 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3020-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    Date Public
    2016-05-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:32:25.667Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2016:1690",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
              },
              {
                "name": "90029",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/90029"
              },
              {
                "name": "SUSE-SU-2016:1696",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332931"
              },
              {
                "name": "USN-3017-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3017-1"
              },
              {
                "name": "SUSE-SU-2016:1985",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
              },
              {
                "name": "USN-3017-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3017-3"
              },
              {
                "name": "openSUSE-SU-2016:2184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
              },
              {
                "name": "USN-3018-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3018-2"
              },
              {
                "name": "USN-3021-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3021-2"
              },
              {
                "name": "USN-3017-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3017-2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee"
              },
              {
                "name": "USN-3019-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3019-1"
              },
              {
                "name": "openSUSE-SU-2016:1641",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
              },
              {
                "name": "DSA-3607",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3607"
              },
              {
                "name": "USN-3016-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3016-2"
              },
              {
                "name": "USN-3016-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3016-1"
              },
              {
                "name": "SUSE-SU-2016:1672",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
              },
              {
                "name": "USN-3021-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3021-1"
              },
              {
                "name": "USN-3018-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3018-1"
              },
              {
                "name": "[oss-security] 20160503 CVE Request: information leak in devio of Linux kernel",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/05/04/2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee"
              },
              {
                "name": "FEDORA-2016-4ce97823af",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184414.html"
              },
              {
                "name": "SUSE-SU-2016:2105",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
              },
              {
                "name": "USN-3016-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3016-3"
              },
              {
                "name": "USN-3016-4",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3016-4"
              },
              {
                "name": "USN-3020-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3020-1"
              },
              {
                "name": "SUSE-SU-2016:1937",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-05-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-25T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SU-2016:1690",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
            },
            {
              "name": "90029",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/90029"
            },
            {
              "name": "SUSE-SU-2016:1696",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332931"
            },
            {
              "name": "USN-3017-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3017-1"
            },
            {
              "name": "SUSE-SU-2016:1985",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
            },
            {
              "name": "USN-3017-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3017-3"
            },
            {
              "name": "openSUSE-SU-2016:2184",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
            },
            {
              "name": "USN-3018-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3018-2"
            },
            {
              "name": "USN-3021-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3021-2"
            },
            {
              "name": "USN-3017-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3017-2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee"
            },
            {
              "name": "USN-3019-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3019-1"
            },
            {
              "name": "openSUSE-SU-2016:1641",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
            },
            {
              "name": "DSA-3607",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3607"
            },
            {
              "name": "USN-3016-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3016-2"
            },
            {
              "name": "USN-3016-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3016-1"
            },
            {
              "name": "SUSE-SU-2016:1672",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
            },
            {
              "name": "USN-3021-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3021-1"
            },
            {
              "name": "USN-3018-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3018-1"
            },
            {
              "name": "[oss-security] 20160503 CVE Request: information leak in devio of Linux kernel",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/05/04/2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee"
            },
            {
              "name": "FEDORA-2016-4ce97823af",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184414.html"
            },
            {
              "name": "SUSE-SU-2016:2105",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
            },
            {
              "name": "USN-3016-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3016-3"
            },
            {
              "name": "USN-3016-4",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3016-4"
            },
            {
              "name": "USN-3020-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3020-1"
            },
            {
              "name": "SUSE-SU-2016:1937",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-4482",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2016:1690",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
                },
                {
                  "name": "90029",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/90029"
                },
                {
                  "name": "SUSE-SU-2016:1696",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332931",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332931"
                },
                {
                  "name": "USN-3017-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3017-1"
                },
                {
                  "name": "SUSE-SU-2016:1985",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
                },
                {
                  "name": "USN-3017-3",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3017-3"
                },
                {
                  "name": "openSUSE-SU-2016:2184",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
                },
                {
                  "name": "USN-3018-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3018-2"
                },
                {
                  "name": "USN-3021-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3021-2"
                },
                {
                  "name": "USN-3017-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3017-2"
                },
                {
                  "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee"
                },
                {
                  "name": "USN-3019-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3019-1"
                },
                {
                  "name": "openSUSE-SU-2016:1641",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
                },
                {
                  "name": "DSA-3607",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3607"
                },
                {
                  "name": "USN-3016-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3016-2"
                },
                {
                  "name": "USN-3016-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3016-1"
                },
                {
                  "name": "SUSE-SU-2016:1672",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
                },
                {
                  "name": "USN-3021-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3021-1"
                },
                {
                  "name": "USN-3018-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3018-1"
                },
                {
                  "name": "[oss-security] 20160503 CVE Request: information leak in devio of Linux kernel",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/05/04/2"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee"
                },
                {
                  "name": "FEDORA-2016-4ce97823af",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184414.html"
                },
                {
                  "name": "SUSE-SU-2016:2105",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
                },
                {
                  "name": "USN-3016-3",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3016-3"
                },
                {
                  "name": "USN-3016-4",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3016-4"
                },
                {
                  "name": "USN-3020-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3020-1"
                },
                {
                  "name": "SUSE-SU-2016:1937",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-4482",
        "datePublished": "2016-05-23T10:00:00.000Z",
        "dateReserved": "2016-05-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:32:25.667Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3951 (GCVE-0-2016-3951)

    Vulnerability from nvd – Published: 2016-05-02 10:00 – Updated: 2024-08-06 00:10
    VLAI
    Summary
    Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3004-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3001-1 vendor-advisoryx_refsource_UBUNTU
    https://github.com/torvalds/linux/commit/4d06dd53… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://bugzilla.redhat.com/show_bug.cgi?id=1324782 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-3021-2 vendor-advisoryx_refsource_UBUNTU
    http://git.kernel.org/cgit/linux/kernel/git/torva… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3000-1 vendor-advisoryx_refsource_UBUNTU
    http://www.debian.org/security/2016/dsa-3607 vendor-advisoryx_refsource_DEBIAN
    http://www.securityfocus.com/bid/91028 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1036763 vdb-entryx_refsource_SECTRACK
    http://www.ubuntu.com/usn/USN-3002-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3021-1 vendor-advisoryx_refsource_UBUNTU
    http://www.openwall.com/lists/oss-security/2016/04/06/4 mailing-listx_refsource_MLIST
    https://github.com/torvalds/linux/commit/1666984c… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2989-1 vendor-advisoryx_refsource_UBUNTU
    https://www.spinics.net/lists/netdev/msg367669.html mailing-listx_refsource_MLIST
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3003-1 vendor-advisoryx_refsource_UBUNTU
    http://git.kernel.org/cgit/linux/kernel/git/torva… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2998-1 vendor-advisoryx_refsource_UBUNTU
    Date Public
    2016-03-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:10:31.959Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2016:1690",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
              },
              {
                "name": "USN-3004-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3004-1"
              },
              {
                "name": "USN-3001-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3001-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/4d06dd537f95683aba3651098ae288b7cbff8274"
              },
              {
                "name": "SUSE-SU-2016:1696",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1324782"
              },
              {
                "name": "USN-3021-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3021-2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1666984c8625b3db19a9abc298931d35ab7bc64b"
              },
              {
                "name": "SUSE-SU-2016:1764",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
              },
              {
                "name": "USN-3000-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3000-1"
              },
              {
                "name": "DSA-3607",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3607"
              },
              {
                "name": "91028",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91028"
              },
              {
                "name": "1036763",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036763"
              },
              {
                "name": "USN-3002-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3002-1"
              },
              {
                "name": "USN-3021-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3021-1"
              },
              {
                "name": "[oss-security] 20160406 Fwd: CVE Request: Linux: usbnet: memory corruption triggered by invalid USB descriptor",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/04/06/4"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/1666984c8625b3db19a9abc298931d35ab7bc64b"
              },
              {
                "name": "USN-2989-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2989-1"
              },
              {
                "name": "[netdev] 20160304 Re: Possible double-free in the usbnet driver",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://www.spinics.net/lists/netdev/msg367669.html"
              },
              {
                "name": "openSUSE-SU-2016:1382",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
              },
              {
                "name": "USN-3003-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3003-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4d06dd537f95683aba3651098ae288b7cbff8274"
              },
              {
                "name": "USN-2998-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2998-1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-12T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SU-2016:1690",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
            },
            {
              "name": "USN-3004-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3004-1"
            },
            {
              "name": "USN-3001-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3001-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/4d06dd537f95683aba3651098ae288b7cbff8274"
            },
            {
              "name": "SUSE-SU-2016:1696",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1324782"
            },
            {
              "name": "USN-3021-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3021-2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1666984c8625b3db19a9abc298931d35ab7bc64b"
            },
            {
              "name": "SUSE-SU-2016:1764",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
            },
            {
              "name": "USN-3000-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3000-1"
            },
            {
              "name": "DSA-3607",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3607"
            },
            {
              "name": "91028",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91028"
            },
            {
              "name": "1036763",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036763"
            },
            {
              "name": "USN-3002-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3002-1"
            },
            {
              "name": "USN-3021-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3021-1"
            },
            {
              "name": "[oss-security] 20160406 Fwd: CVE Request: Linux: usbnet: memory corruption triggered by invalid USB descriptor",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/04/06/4"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/1666984c8625b3db19a9abc298931d35ab7bc64b"
            },
            {
              "name": "USN-2989-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2989-1"
            },
            {
              "name": "[netdev] 20160304 Re: Possible double-free in the usbnet driver",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://www.spinics.net/lists/netdev/msg367669.html"
            },
            {
              "name": "openSUSE-SU-2016:1382",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
            },
            {
              "name": "USN-3003-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3003-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4d06dd537f95683aba3651098ae288b7cbff8274"
            },
            {
              "name": "USN-2998-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2998-1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-3951",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2016:1690",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
                },
                {
                  "name": "USN-3004-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3004-1"
                },
                {
                  "name": "USN-3001-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3001-1"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/4d06dd537f95683aba3651098ae288b7cbff8274",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/4d06dd537f95683aba3651098ae288b7cbff8274"
                },
                {
                  "name": "SUSE-SU-2016:1696",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1324782",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1324782"
                },
                {
                  "name": "USN-3021-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3021-2"
                },
                {
                  "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1666984c8625b3db19a9abc298931d35ab7bc64b",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1666984c8625b3db19a9abc298931d35ab7bc64b"
                },
                {
                  "name": "SUSE-SU-2016:1764",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
                },
                {
                  "name": "USN-3000-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3000-1"
                },
                {
                  "name": "DSA-3607",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3607"
                },
                {
                  "name": "91028",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/91028"
                },
                {
                  "name": "1036763",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036763"
                },
                {
                  "name": "USN-3002-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3002-1"
                },
                {
                  "name": "USN-3021-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3021-1"
                },
                {
                  "name": "[oss-security] 20160406 Fwd: CVE Request: Linux: usbnet: memory corruption triggered by invalid USB descriptor",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/04/06/4"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/1666984c8625b3db19a9abc298931d35ab7bc64b",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/1666984c8625b3db19a9abc298931d35ab7bc64b"
                },
                {
                  "name": "USN-2989-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2989-1"
                },
                {
                  "name": "[netdev] 20160304 Re: Possible double-free in the usbnet driver",
                  "refsource": "MLIST",
                  "url": "https://www.spinics.net/lists/netdev/msg367669.html"
                },
                {
                  "name": "openSUSE-SU-2016:1382",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
                },
                {
                  "name": "USN-3003-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3003-1"
                },
                {
                  "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4d06dd537f95683aba3651098ae288b7cbff8274",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4d06dd537f95683aba3651098ae288b7cbff8274"
                },
                {
                  "name": "USN-2998-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2998-1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-3951",
        "datePublished": "2016-05-02T10:00:00.000Z",
        "dateReserved": "2016-04-05T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:10:31.959Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3689 (GCVE-0-2016-3689)

    Vulnerability from nvd – Published: 2016-05-02 10:00 – Updated: 2024-08-06 00:03
    VLAI
    Summary
    The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-2971-2 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://bugzilla.novell.com/show_bug.cgi?id=971628 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2970-1 vendor-advisoryx_refsource_UBUNTU
    http://www.securitytracker.com/id/1035441 vdb-entryx_refsource_SECTRACK
    https://github.com/torvalds/linux/commit/a0ad220c… x_refsource_CONFIRM
    http://git.kernel.org/cgit/linux/kernel/git/torva… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2968-1 vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.redhat.com/show_bug.cgi?id=1320060 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2971-3 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3000-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2971-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2968-2 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.kernel.org/pub/linux/kernel/v4.x/Chang… x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2016/03/30/6 mailing-listx_refsource_MLIST
    Date Public
    2016-03-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:03:34.415Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2971-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2971-2"
              },
              {
                "name": "SUSE-SU-2016:1690",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=971628"
              },
              {
                "name": "SUSE-SU-2016:1696",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
              },
              {
                "name": "USN-2970-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2970-1"
              },
              {
                "name": "1035441",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1035441"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/a0ad220c96692eda76b2e3fd7279f3dcd1d8a8ff"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0ad220c96692eda76b2e3fd7279f3dcd1d8a8ff"
              },
              {
                "name": "USN-2968-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2968-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1320060"
              },
              {
                "name": "USN-2971-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2971-3"
              },
              {
                "name": "SUSE-SU-2016:1764",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
              },
              {
                "name": "USN-3000-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3000-1"
              },
              {
                "name": "USN-2971-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2971-1"
              },
              {
                "name": "USN-2968-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2968-2"
              },
              {
                "name": "openSUSE-SU-2016:1382",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
              },
              {
                "name": "[oss-security] 20160330 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (ims-pcu driver)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/03/30/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-02T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "USN-2971-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2971-2"
            },
            {
              "name": "SUSE-SU-2016:1690",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=971628"
            },
            {
              "name": "SUSE-SU-2016:1696",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
            },
            {
              "name": "USN-2970-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2970-1"
            },
            {
              "name": "1035441",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1035441"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/a0ad220c96692eda76b2e3fd7279f3dcd1d8a8ff"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0ad220c96692eda76b2e3fd7279f3dcd1d8a8ff"
            },
            {
              "name": "USN-2968-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2968-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1320060"
            },
            {
              "name": "USN-2971-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2971-3"
            },
            {
              "name": "SUSE-SU-2016:1764",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
            },
            {
              "name": "USN-3000-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3000-1"
            },
            {
              "name": "USN-2971-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2971-1"
            },
            {
              "name": "USN-2968-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2968-2"
            },
            {
              "name": "openSUSE-SU-2016:1382",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
            },
            {
              "name": "[oss-security] 20160330 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (ims-pcu driver)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/03/30/6"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-3689",
        "datePublished": "2016-05-02T10:00:00.000Z",
        "dateReserved": "2016-03-30T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:03:34.415Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3140 (GCVE-0-2016-3140)

    Vulnerability from nvd – Published: 2016-05-02 10:00 – Updated: 2024-08-05 23:47
    VLAI
    Summary
    The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-2971-2 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://www.exploit-db.com/exploits/39537/ exploitx_refsource_EXPLOIT-DB
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2970-1 vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.redhat.com/show_bug.cgi?id=1316995 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2968-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2971-3 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2997-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3000-1 vendor-advisoryx_refsource_UBUNTU
    http://www.debian.org/security/2016/dsa-3607 vendor-advisoryx_refsource_DEBIAN
    http://www.ubuntu.com/usn/USN-2971-1 vendor-advisoryx_refsource_UBUNTU
    https://github.com/torvalds/linux/commit/5a07975a… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2996-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2968-2 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://git.kernel.org/cgit/linux/kernel/git/torva… x_refsource_CONFIRM
    http://www.kernel.org/pub/linux/kernel/v4.x/Chang… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/84304 vdb-entryx_refsource_BID
    http://www.openwall.com/lists/oss-security/2016/03/14/6 mailing-listx_refsource_MLIST
    Date Public
    2016-03-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:47:57.302Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2971-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2971-2"
              },
              {
                "name": "SUSE-SU-2016:1690",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
              },
              {
                "name": "39537",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/39537/"
              },
              {
                "name": "SUSE-SU-2016:1696",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
              },
              {
                "name": "USN-2970-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2970-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316995"
              },
              {
                "name": "USN-2968-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2968-1"
              },
              {
                "name": "USN-2971-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2971-3"
              },
              {
                "name": "USN-2997-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2997-1"
              },
              {
                "name": "SUSE-SU-2016:1764",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
              },
              {
                "name": "USN-3000-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3000-1"
              },
              {
                "name": "DSA-3607",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3607"
              },
              {
                "name": "USN-2971-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2971-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f"
              },
              {
                "name": "SUSE-SU-2016:1707",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
              },
              {
                "name": "USN-2996-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2996-1"
              },
              {
                "name": "SUSE-SU-2016:1672",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
              },
              {
                "name": "USN-2968-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2968-2"
              },
              {
                "name": "openSUSE-SU-2016:1382",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
              },
              {
                "name": "SUSE-SU-2016:2074",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
              },
              {
                "name": "84304",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/84304"
              },
              {
                "name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (digi_acceleport driver)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/03/14/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:57.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "name": "USN-2971-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2971-2"
            },
            {
              "name": "SUSE-SU-2016:1690",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
            },
            {
              "name": "39537",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/39537/"
            },
            {
              "name": "SUSE-SU-2016:1696",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
            },
            {
              "name": "USN-2970-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2970-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316995"
            },
            {
              "name": "USN-2968-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2968-1"
            },
            {
              "name": "USN-2971-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2971-3"
            },
            {
              "name": "USN-2997-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2997-1"
            },
            {
              "name": "SUSE-SU-2016:1764",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
            },
            {
              "name": "USN-3000-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3000-1"
            },
            {
              "name": "DSA-3607",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3607"
            },
            {
              "name": "USN-2971-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2971-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f"
            },
            {
              "name": "SUSE-SU-2016:1707",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
            },
            {
              "name": "USN-2996-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2996-1"
            },
            {
              "name": "SUSE-SU-2016:1672",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
            },
            {
              "name": "USN-2968-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2968-2"
            },
            {
              "name": "openSUSE-SU-2016:1382",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
            },
            {
              "name": "SUSE-SU-2016:2074",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
            },
            {
              "name": "84304",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/84304"
            },
            {
              "name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (digi_acceleport driver)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/03/14/6"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@suse.com",
              "ID": "CVE-2016-3140",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-2971-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2971-2"
                },
                {
                  "name": "SUSE-SU-2016:1690",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
                },
                {
                  "name": "39537",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/39537/"
                },
                {
                  "name": "SUSE-SU-2016:1696",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
                },
                {
                  "name": "USN-2970-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2970-1"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1316995",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316995"
                },
                {
                  "name": "USN-2968-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2968-1"
                },
                {
                  "name": "USN-2971-3",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2971-3"
                },
                {
                  "name": "USN-2997-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2997-1"
                },
                {
                  "name": "SUSE-SU-2016:1764",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
                },
                {
                  "name": "USN-3000-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3000-1"
                },
                {
                  "name": "DSA-3607",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3607"
                },
                {
                  "name": "USN-2971-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2971-1"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f"
                },
                {
                  "name": "SUSE-SU-2016:1707",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
                },
                {
                  "name": "USN-2996-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2996-1"
                },
                {
                  "name": "SUSE-SU-2016:1672",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
                },
                {
                  "name": "USN-2968-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2968-2"
                },
                {
                  "name": "openSUSE-SU-2016:1382",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
                },
                {
                  "name": "SUSE-SU-2016:2074",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
                },
                {
                  "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f"
                },
                {
                  "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1",
                  "refsource": "CONFIRM",
                  "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
                },
                {
                  "name": "84304",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/84304"
                },
                {
                  "name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (digi_acceleport driver)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/03/14/6"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2016-3140",
        "datePublished": "2016-05-02T10:00:00.000Z",
        "dateReserved": "2016-03-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:47:57.302Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3138 (GCVE-0-2016-3138)

    Vulnerability from nvd – Published: 2016-05-02 10:00 – Updated: 2024-08-05 23:47
    VLAI
    Summary
    The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-2971-2 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2970-1 vendor-advisoryx_refsource_UBUNTU
    http://git.kernel.org/cgit/linux/kernel/git/torva… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2969-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2968-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2971-3 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2997-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.debian.org/security/2016/dsa-3607 vendor-advisoryx_refsource_DEBIAN
    http://www.ubuntu.com/usn/USN-2971-1 vendor-advisoryx_refsource_UBUNTU
    http://www.openwall.com/lists/oss-security/2016/03/14/4 mailing-listx_refsource_MLIST
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2996-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2968-2 vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.redhat.com/show_bug.cgi?id=1316204 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://github.com/torvalds/linux/commit/8835ba4a… x_refsource_CONFIRM
    http://www.kernel.org/pub/linux/kernel/v4.x/Chang… x_refsource_CONFIRM
    Date Public
    2016-03-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:47:57.268Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2971-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2971-2"
              },
              {
                "name": "SUSE-SU-2016:1690",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
              },
              {
                "name": "SUSE-SU-2016:1696",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
              },
              {
                "name": "USN-2970-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2970-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8835ba4a39cf53f705417b3b3a94eb067673f2c9"
              },
              {
                "name": "USN-2969-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2969-1"
              },
              {
                "name": "USN-2968-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2968-1"
              },
              {
                "name": "USN-2971-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2971-3"
              },
              {
                "name": "USN-2997-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2997-1"
              },
              {
                "name": "SUSE-SU-2016:1764",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
              },
              {
                "name": "DSA-3607",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3607"
              },
              {
                "name": "USN-2971-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2971-1"
              },
              {
                "name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cdc_acm driver)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/03/14/4"
              },
              {
                "name": "SUSE-SU-2016:1707",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
              },
              {
                "name": "USN-2996-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2996-1"
              },
              {
                "name": "SUSE-SU-2016:1672",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
              },
              {
                "name": "USN-2968-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2968-2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316204"
              },
              {
                "name": "openSUSE-SU-2016:1382",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
              },
              {
                "name": "SUSE-SU-2016:2074",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/8835ba4a39cf53f705417b3b3a94eb067673f2c9"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:49.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "name": "USN-2971-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2971-2"
            },
            {
              "name": "SUSE-SU-2016:1690",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
            },
            {
              "name": "SUSE-SU-2016:1696",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
            },
            {
              "name": "USN-2970-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2970-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8835ba4a39cf53f705417b3b3a94eb067673f2c9"
            },
            {
              "name": "USN-2969-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2969-1"
            },
            {
              "name": "USN-2968-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2968-1"
            },
            {
              "name": "USN-2971-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2971-3"
            },
            {
              "name": "USN-2997-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2997-1"
            },
            {
              "name": "SUSE-SU-2016:1764",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
            },
            {
              "name": "DSA-3607",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3607"
            },
            {
              "name": "USN-2971-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2971-1"
            },
            {
              "name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cdc_acm driver)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/03/14/4"
            },
            {
              "name": "SUSE-SU-2016:1707",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
            },
            {
              "name": "USN-2996-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2996-1"
            },
            {
              "name": "SUSE-SU-2016:1672",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
            },
            {
              "name": "USN-2968-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2968-2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316204"
            },
            {
              "name": "openSUSE-SU-2016:1382",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
            },
            {
              "name": "SUSE-SU-2016:2074",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/8835ba4a39cf53f705417b3b3a94eb067673f2c9"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2016-3138",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-2971-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2971-2"
                },
                {
                  "name": "SUSE-SU-2016:1690",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
                },
                {
                  "name": "SUSE-SU-2016:1696",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
                },
                {
                  "name": "USN-2970-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2970-1"
                },
                {
                  "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8835ba4a39cf53f705417b3b3a94eb067673f2c9",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8835ba4a39cf53f705417b3b3a94eb067673f2c9"
                },
                {
                  "name": "USN-2969-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2969-1"
                },
                {
                  "name": "USN-2968-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2968-1"
                },
                {
                  "name": "USN-2971-3",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2971-3"
                },
                {
                  "name": "USN-2997-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2997-1"
                },
                {
                  "name": "SUSE-SU-2016:1764",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
                },
                {
                  "name": "DSA-3607",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3607"
                },
                {
                  "name": "USN-2971-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2971-1"
                },
                {
                  "name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cdc_acm driver)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/03/14/4"
                },
                {
                  "name": "SUSE-SU-2016:1707",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
                },
                {
                  "name": "USN-2996-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2996-1"
                },
                {
                  "name": "SUSE-SU-2016:1672",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
                },
                {
                  "name": "USN-2968-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2968-2"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1316204",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316204"
                },
                {
                  "name": "openSUSE-SU-2016:1382",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
                },
                {
                  "name": "SUSE-SU-2016:2074",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/8835ba4a39cf53f705417b3b3a94eb067673f2c9",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/8835ba4a39cf53f705417b3b3a94eb067673f2c9"
                },
                {
                  "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1",
                  "refsource": "CONFIRM",
                  "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2016-3138",
        "datePublished": "2016-05-02T10:00:00.000Z",
        "dateReserved": "2016-03-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:47:57.268Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3137 (GCVE-0-2016-3137)

    Vulnerability from nvd – Published: 2016-05-02 10:00 – Updated: 2024-08-05 23:47
    VLAI
    Summary
    drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-2971-2 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.openwall.com/lists/oss-security/2016/03/14/3 mailing-listx_refsource_MLIST
    https://bugzilla.redhat.com/show_bug.cgi?id=1316996 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2970-1 vendor-advisoryx_refsource_UBUNTU
    https://github.com/torvalds/linux/commit/c55aee1b… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/84300 vdb-entryx_refsource_BID
    http://www.ubuntu.com/usn/USN-2968-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2971-3 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2997-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3000-1 vendor-advisoryx_refsource_UBUNTU
    http://www.debian.org/security/2016/dsa-3607 vendor-advisoryx_refsource_DEBIAN
    http://www.ubuntu.com/usn/USN-2971-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2996-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2968-2 vendor-advisoryx_refsource_UBUNTU
    http://git.kernel.org/cgit/linux/kernel/git/torva… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.kernel.org/pub/linux/kernel/v4.x/Chang… x_refsource_CONFIRM
    Date Public
    2016-03-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:47:57.272Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2971-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2971-2"
              },
              {
                "name": "SUSE-SU-2016:1690",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
              },
              {
                "name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cypress_m8 driver)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/03/14/3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316996"
              },
              {
                "name": "SUSE-SU-2016:1696",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
              },
              {
                "name": "USN-2970-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2970-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754"
              },
              {
                "name": "84300",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/84300"
              },
              {
                "name": "USN-2968-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2968-1"
              },
              {
                "name": "USN-2971-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2971-3"
              },
              {
                "name": "USN-2997-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2997-1"
              },
              {
                "name": "SUSE-SU-2016:1764",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
              },
              {
                "name": "USN-3000-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3000-1"
              },
              {
                "name": "DSA-3607",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3607"
              },
              {
                "name": "USN-2971-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2971-1"
              },
              {
                "name": "SUSE-SU-2016:1707",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
              },
              {
                "name": "USN-2996-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2996-1"
              },
              {
                "name": "SUSE-SU-2016:1672",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
              },
              {
                "name": "USN-2968-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2968-2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754"
              },
              {
                "name": "openSUSE-SU-2016:1382",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
              },
              {
                "name": "SUSE-SU-2016:2074",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:58.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "name": "USN-2971-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2971-2"
            },
            {
              "name": "SUSE-SU-2016:1690",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
            },
            {
              "name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cypress_m8 driver)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/03/14/3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316996"
            },
            {
              "name": "SUSE-SU-2016:1696",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
            },
            {
              "name": "USN-2970-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2970-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754"
            },
            {
              "name": "84300",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/84300"
            },
            {
              "name": "USN-2968-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2968-1"
            },
            {
              "name": "USN-2971-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2971-3"
            },
            {
              "name": "USN-2997-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2997-1"
            },
            {
              "name": "SUSE-SU-2016:1764",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
            },
            {
              "name": "USN-3000-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3000-1"
            },
            {
              "name": "DSA-3607",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3607"
            },
            {
              "name": "USN-2971-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2971-1"
            },
            {
              "name": "SUSE-SU-2016:1707",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
            },
            {
              "name": "USN-2996-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2996-1"
            },
            {
              "name": "SUSE-SU-2016:1672",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
            },
            {
              "name": "USN-2968-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2968-2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754"
            },
            {
              "name": "openSUSE-SU-2016:1382",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
            },
            {
              "name": "SUSE-SU-2016:2074",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2016-3137",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-2971-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2971-2"
                },
                {
                  "name": "SUSE-SU-2016:1690",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
                },
                {
                  "name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cypress_m8 driver)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/03/14/3"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1316996",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316996"
                },
                {
                  "name": "SUSE-SU-2016:1696",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
                },
                {
                  "name": "USN-2970-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2970-1"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754"
                },
                {
                  "name": "84300",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/84300"
                },
                {
                  "name": "USN-2968-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2968-1"
                },
                {
                  "name": "USN-2971-3",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2971-3"
                },
                {
                  "name": "USN-2997-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2997-1"
                },
                {
                  "name": "SUSE-SU-2016:1764",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
                },
                {
                  "name": "USN-3000-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3000-1"
                },
                {
                  "name": "DSA-3607",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3607"
                },
                {
                  "name": "USN-2971-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2971-1"
                },
                {
                  "name": "SUSE-SU-2016:1707",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
                },
                {
                  "name": "USN-2996-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2996-1"
                },
                {
                  "name": "SUSE-SU-2016:1672",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
                },
                {
                  "name": "USN-2968-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2968-2"
                },
                {
                  "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754"
                },
                {
                  "name": "openSUSE-SU-2016:1382",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
                },
                {
                  "name": "SUSE-SU-2016:2074",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
                },
                {
                  "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1",
                  "refsource": "CONFIRM",
                  "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2016-3137",
        "datePublished": "2016-05-02T10:00:00.000Z",
        "dateReserved": "2016-03-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:47:57.272Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3136 (GCVE-0-2016-3136)

    Vulnerability from nvd – Published: 2016-05-02 10:00 – Updated: 2024-08-05 23:47
    VLAI
    Summary
    The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-2971-2 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2970-1 vendor-advisoryx_refsource_UBUNTU
    http://git.kernel.org/cgit/linux/kernel/git/torva… x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=1283370 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2968-1 vendor-advisoryx_refsource_UBUNTU
    http://www.openwall.com/lists/oss-security/2016/03/14/2 mailing-listx_refsource_MLIST
    https://github.com/torvalds/linux/commit/4e9a0b05… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2971-3 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2997-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3000-1 vendor-advisoryx_refsource_UBUNTU
    http://www.debian.org/security/2016/dsa-3607 vendor-advisoryx_refsource_DEBIAN
    https://www.exploit-db.com/exploits/39541/ exploitx_refsource_EXPLOIT-DB
    http://www.ubuntu.com/usn/USN-2971-1 vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.redhat.com/show_bug.cgi?id=1317007 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2996-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2968-2 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/bid/84299 vdb-entryx_refsource_BID
    http://www.kernel.org/pub/linux/kernel/v4.x/Chang… x_refsource_CONFIRM
    Date Public
    2016-03-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:47:57.405Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2971-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2971-2"
              },
              {
                "name": "SUSE-SU-2016:1690",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
              },
              {
                "name": "SUSE-SU-2016:1696",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
              },
              {
                "name": "USN-2970-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2970-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e9a0b05257f29cf4b75f3209243ed71614d062e"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283370"
              },
              {
                "name": "USN-2968-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2968-1"
              },
              {
                "name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (mct_u232 driver)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/03/14/2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/4e9a0b05257f29cf4b75f3209243ed71614d062e"
              },
              {
                "name": "USN-2971-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2971-3"
              },
              {
                "name": "USN-2997-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2997-1"
              },
              {
                "name": "SUSE-SU-2016:1764",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
              },
              {
                "name": "USN-3000-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3000-1"
              },
              {
                "name": "DSA-3607",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3607"
              },
              {
                "name": "39541",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/39541/"
              },
              {
                "name": "USN-2971-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2971-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317007"
              },
              {
                "name": "USN-2996-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2996-1"
              },
              {
                "name": "USN-2968-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2968-2"
              },
              {
                "name": "openSUSE-SU-2016:1382",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
              },
              {
                "name": "84299",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/84299"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:30.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "name": "USN-2971-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2971-2"
            },
            {
              "name": "SUSE-SU-2016:1690",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
            },
            {
              "name": "SUSE-SU-2016:1696",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
            },
            {
              "name": "USN-2970-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2970-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e9a0b05257f29cf4b75f3209243ed71614d062e"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283370"
            },
            {
              "name": "USN-2968-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2968-1"
            },
            {
              "name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (mct_u232 driver)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/03/14/2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/4e9a0b05257f29cf4b75f3209243ed71614d062e"
            },
            {
              "name": "USN-2971-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2971-3"
            },
            {
              "name": "USN-2997-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2997-1"
            },
            {
              "name": "SUSE-SU-2016:1764",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
            },
            {
              "name": "USN-3000-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3000-1"
            },
            {
              "name": "DSA-3607",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3607"
            },
            {
              "name": "39541",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/39541/"
            },
            {
              "name": "USN-2971-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2971-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317007"
            },
            {
              "name": "USN-2996-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2996-1"
            },
            {
              "name": "USN-2968-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2968-2"
            },
            {
              "name": "openSUSE-SU-2016:1382",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
            },
            {
              "name": "84299",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/84299"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2016-3136",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-2971-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2971-2"
                },
                {
                  "name": "SUSE-SU-2016:1690",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
                },
                {
                  "name": "SUSE-SU-2016:1696",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
                },
                {
                  "name": "USN-2970-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2970-1"
                },
                {
                  "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e9a0b05257f29cf4b75f3209243ed71614d062e",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e9a0b05257f29cf4b75f3209243ed71614d062e"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1283370",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283370"
                },
                {
                  "name": "USN-2968-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2968-1"
                },
                {
                  "name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (mct_u232 driver)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/03/14/2"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/4e9a0b05257f29cf4b75f3209243ed71614d062e",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/4e9a0b05257f29cf4b75f3209243ed71614d062e"
                },
                {
                  "name": "USN-2971-3",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2971-3"
                },
                {
                  "name": "USN-2997-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2997-1"
                },
                {
                  "name": "SUSE-SU-2016:1764",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
                },
                {
                  "name": "USN-3000-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3000-1"
                },
                {
                  "name": "DSA-3607",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3607"
                },
                {
                  "name": "39541",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/39541/"
                },
                {
                  "name": "USN-2971-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2971-1"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1317007",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317007"
                },
                {
                  "name": "USN-2996-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2996-1"
                },
                {
                  "name": "USN-2968-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2968-2"
                },
                {
                  "name": "openSUSE-SU-2016:1382",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
                },
                {
                  "name": "84299",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/84299"
                },
                {
                  "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1",
                  "refsource": "CONFIRM",
                  "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2016-3136",
        "datePublished": "2016-05-02T10:00:00.000Z",
        "dateReserved": "2016-03-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:47:57.405Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-2188 (GCVE-0-2016-2188)

    Vulnerability from nvd – Published: 2016-05-02 10:00 – Updated: 2024-08-05 23:24
    VLAI
    Summary
    The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-2971-2 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://www.exploit-db.com/exploits/39556/ exploitx_refsource_EXPLOIT-DB
    http://seclists.org/bugtraq/2016/Mar/87 mailing-listx_refsource_BUGTRAQ
    https://github.com/torvalds/linux/commit/4ec0ef3a… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2970-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2969-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2968-1 vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.redhat.com/show_bug.cgi?id=1317018 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2971-3 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2997-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2971-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2996-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2968-2 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.kernel.org/pub/linux/kernel/v4.x/Chang… x_refsource_CONFIRM
    http://git.kernel.org/cgit/linux/kernel/git/torva… x_refsource_CONFIRM
    http://seclists.org/bugtraq/2016/Mar/118 mailing-listx_refsource_BUGTRAQ
    Date Public
    2016-03-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:24:48.299Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2971-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2971-2"
              },
              {
                "name": "SUSE-SU-2016:1690",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
              },
              {
                "name": "39556",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/39556/"
              },
              {
                "name": "20160310 oss-2016-15: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://seclists.org/bugtraq/2016/Mar/87"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/4ec0ef3a82125efc36173062a50624550a900ae0"
              },
              {
                "name": "SUSE-SU-2016:1696",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
              },
              {
                "name": "USN-2970-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2970-1"
              },
              {
                "name": "USN-2969-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2969-1"
              },
              {
                "name": "USN-2968-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2968-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317018"
              },
              {
                "name": "USN-2971-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2971-3"
              },
              {
                "name": "USN-2997-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2997-1"
              },
              {
                "name": "SUSE-SU-2016:1764",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
              },
              {
                "name": "USN-2971-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2971-1"
              },
              {
                "name": "SUSE-SU-2016:1707",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
              },
              {
                "name": "USN-2996-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2996-1"
              },
              {
                "name": "SUSE-SU-2016:1672",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
              },
              {
                "name": "USN-2968-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2968-2"
              },
              {
                "name": "openSUSE-SU-2016:1382",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
              },
              {
                "name": "SUSE-SU-2016:2074",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ec0ef3a82125efc36173062a50624550a900ae0"
              },
              {
                "name": "20160315 Re: oss-2016-15: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://seclists.org/bugtraq/2016/Mar/118"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-07T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "USN-2971-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2971-2"
            },
            {
              "name": "SUSE-SU-2016:1690",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
            },
            {
              "name": "39556",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/39556/"
            },
            {
              "name": "20160310 oss-2016-15: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://seclists.org/bugtraq/2016/Mar/87"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/4ec0ef3a82125efc36173062a50624550a900ae0"
            },
            {
              "name": "SUSE-SU-2016:1696",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
            },
            {
              "name": "USN-2970-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2970-1"
            },
            {
              "name": "USN-2969-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2969-1"
            },
            {
              "name": "USN-2968-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2968-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317018"
            },
            {
              "name": "USN-2971-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2971-3"
            },
            {
              "name": "USN-2997-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2997-1"
            },
            {
              "name": "SUSE-SU-2016:1764",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
            },
            {
              "name": "USN-2971-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2971-1"
            },
            {
              "name": "SUSE-SU-2016:1707",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
            },
            {
              "name": "USN-2996-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2996-1"
            },
            {
              "name": "SUSE-SU-2016:1672",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
            },
            {
              "name": "USN-2968-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2968-2"
            },
            {
              "name": "openSUSE-SU-2016:1382",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
            },
            {
              "name": "SUSE-SU-2016:2074",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ec0ef3a82125efc36173062a50624550a900ae0"
            },
            {
              "name": "20160315 Re: oss-2016-15: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://seclists.org/bugtraq/2016/Mar/118"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-2188",
        "datePublished": "2016-05-02T10:00:00.000Z",
        "dateReserved": "2016-01-29T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:24:48.299Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-2186 (GCVE-0-2016-2186)

    Vulnerability from nvd – Published: 2016-05-02 10:00 – Updated: 2024-08-05 23:24
    VLAI
    Summary
    The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-2971-2 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://git.kernel.org/cgit/linux/kernel/git/torva… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/84337 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2970-1 vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.redhat.com/show_bug.cgi?id=1317015 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2969-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2968-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2971-3 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2997-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://seclists.org/bugtraq/2016/Mar/117 mailing-listx_refsource_BUGTRAQ
    http://www.debian.org/security/2016/dsa-3607 vendor-advisoryx_refsource_DEBIAN
    http://www.ubuntu.com/usn/USN-2971-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2996-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2968-2 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://seclists.org/bugtraq/2016/Mar/85 mailing-listx_refsource_BUGTRAQ
    https://github.com/torvalds/linux/commit/9c6ba456… x_refsource_CONFIRM
    http://www.kernel.org/pub/linux/kernel/v4.x/Chang… x_refsource_CONFIRM
    Date Public
    2016-03-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:24:48.391Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2971-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2971-2"
              },
              {
                "name": "SUSE-SU-2016:1690",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9c6ba456711687b794dcf285856fc14e2c76074f"
              },
              {
                "name": "84337",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/84337"
              },
              {
                "name": "SUSE-SU-2016:1696",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
              },
              {
                "name": "USN-2970-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2970-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317015"
              },
              {
                "name": "USN-2969-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2969-1"
              },
              {
                "name": "USN-2968-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2968-1"
              },
              {
                "name": "USN-2971-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2971-3"
              },
              {
                "name": "USN-2997-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2997-1"
              },
              {
                "name": "SUSE-SU-2016:1764",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
              },
              {
                "name": "20160315 Re: oss-2016-13: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://seclists.org/bugtraq/2016/Mar/117"
              },
              {
                "name": "DSA-3607",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3607"
              },
              {
                "name": "USN-2971-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2971-1"
              },
              {
                "name": "SUSE-SU-2016:1707",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
              },
              {
                "name": "USN-2996-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2996-1"
              },
              {
                "name": "SUSE-SU-2016:1672",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
              },
              {
                "name": "USN-2968-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2968-2"
              },
              {
                "name": "openSUSE-SU-2016:1382",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
              },
              {
                "name": "SUSE-SU-2016:2074",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
              },
              {
                "name": "20160310 oss-2016-13: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://seclists.org/bugtraq/2016/Mar/85"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/9c6ba456711687b794dcf285856fc14e2c76074f"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-29T16:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "USN-2971-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2971-2"
            },
            {
              "name": "SUSE-SU-2016:1690",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9c6ba456711687b794dcf285856fc14e2c76074f"
            },
            {
              "name": "84337",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/84337"
            },
            {
              "name": "SUSE-SU-2016:1696",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
            },
            {
              "name": "USN-2970-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2970-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317015"
            },
            {
              "name": "USN-2969-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2969-1"
            },
            {
              "name": "USN-2968-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2968-1"
            },
            {
              "name": "USN-2971-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2971-3"
            },
            {
              "name": "USN-2997-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2997-1"
            },
            {
              "name": "SUSE-SU-2016:1764",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
            },
            {
              "name": "20160315 Re: oss-2016-13: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://seclists.org/bugtraq/2016/Mar/117"
            },
            {
              "name": "DSA-3607",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3607"
            },
            {
              "name": "USN-2971-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2971-1"
            },
            {
              "name": "SUSE-SU-2016:1707",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
            },
            {
              "name": "USN-2996-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2996-1"
            },
            {
              "name": "SUSE-SU-2016:1672",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
            },
            {
              "name": "USN-2968-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2968-2"
            },
            {
              "name": "openSUSE-SU-2016:1382",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
            },
            {
              "name": "SUSE-SU-2016:2074",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
            },
            {
              "name": "20160310 oss-2016-13: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://seclists.org/bugtraq/2016/Mar/85"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/9c6ba456711687b794dcf285856fc14e2c76074f"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-2186",
        "datePublished": "2016-05-02T10:00:00.000Z",
        "dateReserved": "2016-01-29T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:24:48.391Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-2185 (GCVE-0-2016-2185)

    Vulnerability from nvd – Published: 2016-05-02 10:00 – Updated: 2024-08-05 23:24
    VLAI
    Summary
    The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-2971-2 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/bid/84341 vdb-entryx_refsource_BID
    https://bugzilla.redhat.com/show_bug.cgi?id=1283363 x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=1317014 x_refsource_CONFIRM
    http://git.kernel.org/cgit/linux/kernel/git/torva… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2970-1 vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.redhat.com/show_bug.cgi?id=1283362 x_refsource_CONFIRM
    http://seclists.org/bugtraq/2016/Mar/90 mailing-listx_refsource_BUGTRAQ
    http://www.ubuntu.com/usn/USN-2969-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2968-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2971-3 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2997-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.debian.org/security/2016/dsa-3607 vendor-advisoryx_refsource_DEBIAN
    http://www.ubuntu.com/usn/USN-2971-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2996-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2968-2 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://github.com/torvalds/linux/commit/950336ba… x_refsource_CONFIRM
    http://www.kernel.org/pub/linux/kernel/v4.x/Chang… x_refsource_CONFIRM
    http://seclists.org/bugtraq/2016/Mar/116 mailing-listx_refsource_BUGTRAQ
    Date Public
    2016-03-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:24:48.335Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2971-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2971-2"
              },
              {
                "name": "SUSE-SU-2016:1690",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
              },
              {
                "name": "84341",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/84341"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283363"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317014"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d"
              },
              {
                "name": "SUSE-SU-2016:1696",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
              },
              {
                "name": "USN-2970-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2970-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283362"
              },
              {
                "name": "20160310 oss-2016-18: Multiple Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://seclists.org/bugtraq/2016/Mar/90"
              },
              {
                "name": "USN-2969-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2969-1"
              },
              {
                "name": "USN-2968-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2968-1"
              },
              {
                "name": "USN-2971-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2971-3"
              },
              {
                "name": "USN-2997-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2997-1"
              },
              {
                "name": "SUSE-SU-2016:1764",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
              },
              {
                "name": "DSA-3607",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3607"
              },
              {
                "name": "USN-2971-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2971-1"
              },
              {
                "name": "SUSE-SU-2016:1707",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
              },
              {
                "name": "USN-2996-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2996-1"
              },
              {
                "name": "SUSE-SU-2016:1672",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
              },
              {
                "name": "USN-2968-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2968-2"
              },
              {
                "name": "openSUSE-SU-2016:1382",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
              },
              {
                "name": "SUSE-SU-2016:2074",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
              },
              {
                "name": "20160315 Re: oss-2016-18: Multiple Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://seclists.org/bugtraq/2016/Mar/116"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-29T16:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "USN-2971-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2971-2"
            },
            {
              "name": "SUSE-SU-2016:1690",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
            },
            {
              "name": "84341",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/84341"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283363"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317014"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d"
            },
            {
              "name": "SUSE-SU-2016:1696",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
            },
            {
              "name": "USN-2970-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2970-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283362"
            },
            {
              "name": "20160310 oss-2016-18: Multiple Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://seclists.org/bugtraq/2016/Mar/90"
            },
            {
              "name": "USN-2969-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2969-1"
            },
            {
              "name": "USN-2968-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2968-1"
            },
            {
              "name": "USN-2971-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2971-3"
            },
            {
              "name": "USN-2997-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2997-1"
            },
            {
              "name": "SUSE-SU-2016:1764",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
            },
            {
              "name": "DSA-3607",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3607"
            },
            {
              "name": "USN-2971-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2971-1"
            },
            {
              "name": "SUSE-SU-2016:1707",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
            },
            {
              "name": "USN-2996-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2996-1"
            },
            {
              "name": "SUSE-SU-2016:1672",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
            },
            {
              "name": "USN-2968-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2968-2"
            },
            {
              "name": "openSUSE-SU-2016:1382",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
            },
            {
              "name": "SUSE-SU-2016:2074",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
            },
            {
              "name": "20160315 Re: oss-2016-18: Multiple Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://seclists.org/bugtraq/2016/Mar/116"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-2185",
        "datePublished": "2016-05-02T10:00:00.000Z",
        "dateReserved": "2016-01-29T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:24:48.335Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4997 (GCVE-0-2016-4997)

    Vulnerability from cvelistv5 – Published: 2016-07-03 21:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3017-1 vendor-advisoryx_refsource_UBUNTU
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3017-3 vendor-advisoryx_refsource_UBUNTU
    http://rhn.redhat.com/errata/RHSA-2016-1847.html vendor-advisoryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=1349722 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3018-2 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3017-2 vendor-advisoryx_refsource_UBUNTU
    http://rhn.redhat.com/errata/RHSA-2016-1875.html vendor-advisoryx_refsource_REDHAT
    http://www.ubuntu.com/usn/USN-3019-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.debian.org/security/2016/dsa-3607 vendor-advisoryx_refsource_DEBIAN
    http://www.ubuntu.com/usn/USN-3016-2 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3016-1 vendor-advisoryx_refsource_UBUNTU
    http://www.openwall.com/lists/oss-security/2016/06/24/5 mailing-listx_refsource_MLIST
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://www.exploit-db.com/exploits/40435/ exploitx_refsource_EXPLOIT-DB
    https://github.com/torvalds/linux/commit/ce683e5f… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-3018-1 vendor-advisoryx_refsource_UBUNTU
    http://www.securitytracker.com/id/1036171 vdb-entryx_refsource_SECTRACK
    https://www.exploit-db.com/exploits/40489/ exploitx_refsource_EXPLOIT-DB
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2016-1883.html vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3016-3 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.openwall.com/lists/oss-security/2016/0… mailing-listx_refsource_MLIST
    http://www.ubuntu.com/usn/USN-3016-4 vendor-advisoryx_refsource_UBUNTU
    http://www.securityfocus.com/bid/91451 vdb-entryx_refsource_BID
    http://www.kernel.org/pub/linux/kernel/v4.x/Chang… x_refsource_CONFIRM
    http://git.kernel.org/cgit/linux/kernel/git/torva… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-3020-1 vendor-advisoryx_refsource_UBUNTU
    https://github.com/nccgroup/TriforceLinuxSyscallF… x_refsource_MISC
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    Date Public
    2016-06-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:40.226Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2016:2180",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
              },
              {
                "name": "SUSE-SU-2016:1709",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00060.html"
              },
              {
                "name": "USN-3017-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3017-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
              },
              {
                "name": "SUSE-SU-2016:1985",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
              },
              {
                "name": "USN-3017-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3017-3"
              },
              {
                "name": "RHSA-2016:1847",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1847.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349722"
              },
              {
                "name": "openSUSE-SU-2016:2184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
              },
              {
                "name": "USN-3018-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3018-2"
              },
              {
                "name": "SUSE-SU-2016:2174",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html"
              },
              {
                "name": "USN-3017-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3017-2"
              },
              {
                "name": "RHSA-2016:1875",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1875.html"
              },
              {
                "name": "USN-3019-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3019-1"
              },
              {
                "name": "SUSE-SU-2016:2018",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html"
              },
              {
                "name": "DSA-3607",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3607"
              },
              {
                "name": "USN-3016-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3016-2"
              },
              {
                "name": "USN-3016-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3016-1"
              },
              {
                "name": "[oss-security] 20160624 Linux CVE-2016-4997 (local privilege escalation) and CVE-2016-4998 (out of bounds memory access)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/06/24/5"
              },
              {
                "name": "SUSE-SU-2016:2181",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html"
              },
              {
                "name": "SUSE-SU-2016:2178",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html"
              },
              {
                "name": "40435",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/40435/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/ce683e5f9d045e5d67d1312a42b359cb2ab2a13c"
              },
              {
                "name": "USN-3018-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3018-1"
              },
              {
                "name": "1036171",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036171"
              },
              {
                "name": "40489",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/40489/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
              },
              {
                "name": "SUSE-SU-2016:2177",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html"
              },
              {
                "name": "RHSA-2016:1883",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1883.html"
              },
              {
                "name": "SUSE-SU-2016:2179",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html"
              },
              {
                "name": "SUSE-SU-2016:2105",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
              },
              {
                "name": "USN-3016-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3016-3"
              },
              {
                "name": "SUSE-SU-2016:1710",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00061.html"
              },
              {
                "name": "[oss-security] 20160929 CVE request - Linux kernel through 4.6.2 allows escalade privileges via IP6T_SO_SET_REPLACE compat setsockopt call",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/09/29/10"
              },
              {
                "name": "USN-3016-4",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3016-4"
              },
              {
                "name": "91451",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91451"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce683e5f9d045e5d67d1312a42b359cb2ab2a13c"
              },
              {
                "name": "USN-3020-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3020-1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/nccgroup/TriforceLinuxSyscallFuzzer/tree/master/crash_reports/report_compatIpt"
              },
              {
                "name": "SUSE-SU-2016:1937",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "SUSE-SU-2016:2180",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "SUSE-SU-2016:1709",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00060.html"
            },
            {
              "name": "USN-3017-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3017-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
            },
            {
              "name": "SUSE-SU-2016:1985",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
            },
            {
              "name": "USN-3017-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3017-3"
            },
            {
              "name": "RHSA-2016:1847",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1847.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349722"
            },
            {
              "name": "openSUSE-SU-2016:2184",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
            },
            {
              "name": "USN-3018-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3018-2"
            },
            {
              "name": "SUSE-SU-2016:2174",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html"
            },
            {
              "name": "USN-3017-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3017-2"
            },
            {
              "name": "RHSA-2016:1875",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1875.html"
            },
            {
              "name": "USN-3019-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3019-1"
            },
            {
              "name": "SUSE-SU-2016:2018",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html"
            },
            {
              "name": "DSA-3607",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3607"
            },
            {
              "name": "USN-3016-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3016-2"
            },
            {
              "name": "USN-3016-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3016-1"
            },
            {
              "name": "[oss-security] 20160624 Linux CVE-2016-4997 (local privilege escalation) and CVE-2016-4998 (out of bounds memory access)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/06/24/5"
            },
            {
              "name": "SUSE-SU-2016:2181",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html"
            },
            {
              "name": "SUSE-SU-2016:2178",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html"
            },
            {
              "name": "40435",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/40435/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/ce683e5f9d045e5d67d1312a42b359cb2ab2a13c"
            },
            {
              "name": "USN-3018-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3018-1"
            },
            {
              "name": "1036171",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036171"
            },
            {
              "name": "40489",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/40489/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
            },
            {
              "name": "SUSE-SU-2016:2177",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html"
            },
            {
              "name": "RHSA-2016:1883",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1883.html"
            },
            {
              "name": "SUSE-SU-2016:2179",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html"
            },
            {
              "name": "SUSE-SU-2016:2105",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
            },
            {
              "name": "USN-3016-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3016-3"
            },
            {
              "name": "SUSE-SU-2016:1710",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00061.html"
            },
            {
              "name": "[oss-security] 20160929 CVE request - Linux kernel through 4.6.2 allows escalade privileges via IP6T_SO_SET_REPLACE compat setsockopt call",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/09/29/10"
            },
            {
              "name": "USN-3016-4",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3016-4"
            },
            {
              "name": "91451",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91451"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce683e5f9d045e5d67d1312a42b359cb2ab2a13c"
            },
            {
              "name": "USN-3020-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3020-1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nccgroup/TriforceLinuxSyscallFuzzer/tree/master/crash_reports/report_compatIpt"
            },
            {
              "name": "SUSE-SU-2016:1937",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-4997",
        "datePublished": "2016-07-03T21:00:00.000Z",
        "dateReserved": "2016-05-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:40.226Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-5828 (GCVE-0-2016-5828)

    Vulnerability from cvelistv5 – Published: 2016-06-27 10:00 – Updated: 2024-08-06 01:15
    VLAI
    Summary
    The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-3070-1 vendor-advisoryx_refsource_UBUNTU
    http://www.openwall.com/lists/oss-security/2016/06/25/7 mailing-listx_refsource_MLIST
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://patchwork.ozlabs.org/patch/636776/ x_refsource_MISC
    http://rhn.redhat.com/errata/RHSA-2016-2574.html vendor-advisoryx_refsource_REDHAT
    http://www.ubuntu.com/usn/USN-3070-3 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3070-2 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3071-1 vendor-advisoryx_refsource_UBUNTU
    http://www.debian.org/security/2016/dsa-3616 vendor-advisoryx_refsource_DEBIAN
    http://www.ubuntu.com/usn/USN-3070-4 vendor-advisoryx_refsource_UBUNTU
    http://www.securityfocus.com/bid/91415 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3071-2 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    Date Public
    2016-06-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:15:10.708Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-3070-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3070-1"
              },
              {
                "name": "[oss-security] 20160625 Re: CVE Request: Linux: powerpc/tm: Always reclaim in start_thread() for exec() class syscalls - Linux kernel",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/06/25/7"
              },
              {
                "name": "openSUSE-SU-2016:2184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://patchwork.ozlabs.org/patch/636776/"
              },
              {
                "name": "RHSA-2016:2574",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
              },
              {
                "name": "USN-3070-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3070-3"
              },
              {
                "name": "USN-3070-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3070-2"
              },
              {
                "name": "USN-3071-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3071-1"
              },
              {
                "name": "DSA-3616",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3616"
              },
              {
                "name": "USN-3070-4",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3070-4"
              },
              {
                "name": "91415",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91415"
              },
              {
                "name": "SUSE-SU-2016:2105",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
              },
              {
                "name": "USN-3071-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3071-2"
              },
              {
                "name": "SUSE-SU-2016:1937",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-3070-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3070-1"
            },
            {
              "name": "[oss-security] 20160625 Re: CVE Request: Linux: powerpc/tm: Always reclaim in start_thread() for exec() class syscalls - Linux kernel",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/06/25/7"
            },
            {
              "name": "openSUSE-SU-2016:2184",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://patchwork.ozlabs.org/patch/636776/"
            },
            {
              "name": "RHSA-2016:2574",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
            },
            {
              "name": "USN-3070-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3070-3"
            },
            {
              "name": "USN-3070-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3070-2"
            },
            {
              "name": "USN-3071-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3071-1"
            },
            {
              "name": "DSA-3616",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3616"
            },
            {
              "name": "USN-3070-4",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3070-4"
            },
            {
              "name": "91415",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91415"
            },
            {
              "name": "SUSE-SU-2016:2105",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
            },
            {
              "name": "USN-3071-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3071-2"
            },
            {
              "name": "SUSE-SU-2016:1937",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-5828",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-3070-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3070-1"
                },
                {
                  "name": "[oss-security] 20160625 Re: CVE Request: Linux: powerpc/tm: Always reclaim in start_thread() for exec() class syscalls - Linux kernel",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/06/25/7"
                },
                {
                  "name": "openSUSE-SU-2016:2184",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
                },
                {
                  "name": "https://patchwork.ozlabs.org/patch/636776/",
                  "refsource": "MISC",
                  "url": "https://patchwork.ozlabs.org/patch/636776/"
                },
                {
                  "name": "RHSA-2016:2574",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
                },
                {
                  "name": "USN-3070-3",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3070-3"
                },
                {
                  "name": "USN-3070-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3070-2"
                },
                {
                  "name": "USN-3071-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3071-1"
                },
                {
                  "name": "DSA-3616",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3616"
                },
                {
                  "name": "USN-3070-4",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3070-4"
                },
                {
                  "name": "91415",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/91415"
                },
                {
                  "name": "SUSE-SU-2016:2105",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
                },
                {
                  "name": "USN-3071-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3071-2"
                },
                {
                  "name": "SUSE-SU-2016:1937",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-5828",
        "datePublished": "2016-06-27T10:00:00.000Z",
        "dateReserved": "2016-06-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:15:10.708Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3707 (GCVE-0-2016-3707)

    Vulnerability from cvelistv5 – Published: 2016-06-27 10:00 – Updated: 2024-08-06 00:03
    VLAI
    Summary
    The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-05-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:03:34.462Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2016:1341",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1341"
              },
              {
                "name": "SUSE-SU-2016:1985",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
              },
              {
                "name": "RHSA-2016:1301",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1301"
              },
              {
                "name": "[oss-security] 20160517 CVE-2016-3707 : kernel-rt - Sending SysRq command via ICMP echo request",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/05/17/1"
              },
              {
                "name": "SUSE-SU-2016:1764",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327484"
              },
              {
                "name": "SUSE-SU-2016:1937",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-25T20:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2016:1341",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1341"
            },
            {
              "name": "SUSE-SU-2016:1985",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
            },
            {
              "name": "RHSA-2016:1301",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1301"
            },
            {
              "name": "[oss-security] 20160517 CVE-2016-3707 : kernel-rt - Sending SysRq command via ICMP echo request",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/05/17/1"
            },
            {
              "name": "SUSE-SU-2016:1764",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327484"
            },
            {
              "name": "SUSE-SU-2016:1937",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-3707",
        "datePublished": "2016-06-27T10:00:00.000Z",
        "dateReserved": "2016-03-30T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:03:34.462Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4470 (GCVE-0-2016-4470)

    Vulnerability from cvelistv5 – Published: 2016-06-27 10:00 – Updated: 2024-08-06 00:32
    VLAI
    Summary
    The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3054-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2016-1657.html vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-3051-1 vendor-advisoryx_refsource_UBUNTU
    http://rhn.redhat.com/errata/RHSA-2016-2128.html vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2016-2133.html vendor-advisoryx_refsource_REDHAT
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3053-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3055-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3056-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3052-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3049-1 vendor-advisoryx_refsource_UBUNTU
    http://rhn.redhat.com/errata/RHSA-2016-1541.html vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.debian.org/security/2016/dsa-3607 vendor-advisoryx_refsource_DEBIAN
    http://rhn.redhat.com/errata/RHSA-2016-1539.html vendor-advisoryx_refsource_REDHAT
    http://www.securitytracker.com/id/1036763 vdb-entryx_refsource_SECTRACK
    http://rhn.redhat.com/errata/RHSA-2016-1532.html vendor-advisoryx_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2016-2006.html vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://git.kernel.org/cgit/linux/kernel/git/torva… x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2016/0… mailing-listx_refsource_MLIST
    https://bugzilla.redhat.com/show_bug.cgi?id=1341716 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-3050-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2016-2076.html vendor-advisoryx_refsource_REDHAT
    http://www.ubuntu.com/usn/USN-3057-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2016-2074.html vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://github.com/torvalds/linux/commit/38327424… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    Date Public
    2016-06-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:32:25.328Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
              },
              {
                "name": "SUSE-SU-2016:2010",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
              },
              {
                "name": "SUSE-SU-2016:2011",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html"
              },
              {
                "name": "USN-3054-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3054-1"
              },
              {
                "name": "SUSE-SU-2016:2003",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html"
              },
              {
                "name": "RHSA-2016:1657",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1657.html"
              },
              {
                "name": "SUSE-SU-2016:1994",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
              },
              {
                "name": "USN-3051-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3051-1"
              },
              {
                "name": "RHSA-2016:2128",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2128.html"
              },
              {
                "name": "SUSE-SU-2016:1961",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
              },
              {
                "name": "RHSA-2016:2133",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2133.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
              },
              {
                "name": "SUSE-SU-2016:2001",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
              },
              {
                "name": "SUSE-SU-2016:1985",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
              },
              {
                "name": "USN-3053-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3053-1"
              },
              {
                "name": "openSUSE-SU-2016:2184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
              },
              {
                "name": "SUSE-SU-2016:1998",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00012.html"
              },
              {
                "name": "USN-3055-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3055-1"
              },
              {
                "name": "SUSE-SU-2016:2006",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
              },
              {
                "name": "USN-3056-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3056-1"
              },
              {
                "name": "USN-3052-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3052-1"
              },
              {
                "name": "USN-3049-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3049-1"
              },
              {
                "name": "RHSA-2016:1541",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1541.html"
              },
              {
                "name": "SUSE-SU-2016:2014",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
              },
              {
                "name": "SUSE-SU-2016:2018",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html"
              },
              {
                "name": "DSA-3607",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3607"
              },
              {
                "name": "RHSA-2016:1539",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1539.html"
              },
              {
                "name": "1036763",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036763"
              },
              {
                "name": "RHSA-2016:1532",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1532.html"
              },
              {
                "name": "RHSA-2016:2006",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2006.html"
              },
              {
                "name": "SUSE-SU-2016:2009",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a"
              },
              {
                "name": "[oss-security] 20160615 CVE-2016-4470: Linux kernel Uninitialized variable in request_key handling user controlled kfree().",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/06/15/11"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341716"
              },
              {
                "name": "USN-3050-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3050-1"
              },
              {
                "name": "SUSE-SU-2016:2005",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
              },
              {
                "name": "SUSE-SU-2016:2007",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
              },
              {
                "name": "SUSE-SU-2016:1999",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00013.html"
              },
              {
                "name": "SUSE-SU-2016:2000",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
              },
              {
                "name": "RHSA-2016:2076",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2076.html"
              },
              {
                "name": "USN-3057-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3057-1"
              },
              {
                "name": "SUSE-SU-2016:1995",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
              },
              {
                "name": "RHSA-2016:2074",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2074.html"
              },
              {
                "name": "SUSE-SU-2016:2105",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
              },
              {
                "name": "SUSE-SU-2016:2002",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a"
              },
              {
                "name": "SUSE-SU-2016:1937",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "SUSE-SU-2016:2010",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
            },
            {
              "name": "SUSE-SU-2016:2011",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html"
            },
            {
              "name": "USN-3054-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3054-1"
            },
            {
              "name": "SUSE-SU-2016:2003",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html"
            },
            {
              "name": "RHSA-2016:1657",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1657.html"
            },
            {
              "name": "SUSE-SU-2016:1994",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "USN-3051-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3051-1"
            },
            {
              "name": "RHSA-2016:2128",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2128.html"
            },
            {
              "name": "SUSE-SU-2016:1961",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
            },
            {
              "name": "RHSA-2016:2133",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2133.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
            },
            {
              "name": "SUSE-SU-2016:2001",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
            },
            {
              "name": "SUSE-SU-2016:1985",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
            },
            {
              "name": "USN-3053-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3053-1"
            },
            {
              "name": "openSUSE-SU-2016:2184",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
            },
            {
              "name": "SUSE-SU-2016:1998",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00012.html"
            },
            {
              "name": "USN-3055-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3055-1"
            },
            {
              "name": "SUSE-SU-2016:2006",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
            },
            {
              "name": "USN-3056-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3056-1"
            },
            {
              "name": "USN-3052-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3052-1"
            },
            {
              "name": "USN-3049-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3049-1"
            },
            {
              "name": "RHSA-2016:1541",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1541.html"
            },
            {
              "name": "SUSE-SU-2016:2014",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
            },
            {
              "name": "SUSE-SU-2016:2018",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html"
            },
            {
              "name": "DSA-3607",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3607"
            },
            {
              "name": "RHSA-2016:1539",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1539.html"
            },
            {
              "name": "1036763",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036763"
            },
            {
              "name": "RHSA-2016:1532",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1532.html"
            },
            {
              "name": "RHSA-2016:2006",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2006.html"
            },
            {
              "name": "SUSE-SU-2016:2009",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a"
            },
            {
              "name": "[oss-security] 20160615 CVE-2016-4470: Linux kernel Uninitialized variable in request_key handling user controlled kfree().",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/06/15/11"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341716"
            },
            {
              "name": "USN-3050-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3050-1"
            },
            {
              "name": "SUSE-SU-2016:2005",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
            },
            {
              "name": "SUSE-SU-2016:2007",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
            },
            {
              "name": "SUSE-SU-2016:1999",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00013.html"
            },
            {
              "name": "SUSE-SU-2016:2000",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
            },
            {
              "name": "RHSA-2016:2076",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2076.html"
            },
            {
              "name": "USN-3057-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3057-1"
            },
            {
              "name": "SUSE-SU-2016:1995",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
            },
            {
              "name": "RHSA-2016:2074",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2074.html"
            },
            {
              "name": "SUSE-SU-2016:2105",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
            },
            {
              "name": "SUSE-SU-2016:2002",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a"
            },
            {
              "name": "SUSE-SU-2016:1937",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-4470",
        "datePublished": "2016-06-27T10:00:00.000Z",
        "dateReserved": "2016-05-02T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:32:25.328Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-5829 (GCVE-0-2016-5829)

    Vulnerability from cvelistv5 – Published: 2016-06-27 10:00 – Updated: 2024-08-06 01:15
    VLAI
    Summary
    Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-3070-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/bid/91450 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2016-2584.html vendor-advisoryx_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2016-2574.html vendor-advisoryx_refsource_REDHAT
    http://www.ubuntu.com/usn/USN-3070-3 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://git.kernel.org/cgit/linux/kernel/git/torva… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-2006.html vendor-advisoryx_refsource_REDHAT
    http://www.ubuntu.com/usn/USN-3070-2 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3071-1 vendor-advisoryx_refsource_UBUNTU
    http://www.debian.org/security/2016/dsa-3616 vendor-advisoryx_refsource_DEBIAN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3070-4 vendor-advisoryx_refsource_UBUNTU
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://github.com/torvalds/linux/commit/93a2001b… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.openwall.com/lists/oss-security/2016/06/26/2 mailing-listx_refsource_MLIST
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3072-2 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3072-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3071-2 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    Date Public
    2016-06-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:15:10.765Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-3070-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3070-1"
              },
              {
                "name": "SUSE-SU-2016:2180",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
              },
              {
                "name": "SUSE-SU-2016:1985",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
              },
              {
                "name": "openSUSE-SU-2016:2184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
              },
              {
                "name": "91450",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91450"
              },
              {
                "name": "SUSE-SU-2016:2174",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html"
              },
              {
                "name": "RHSA-2016:2584",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
              },
              {
                "name": "RHSA-2016:2574",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
              },
              {
                "name": "USN-3070-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3070-3"
              },
              {
                "name": "SUSE-SU-2016:2018",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93a2001bdfd5376c3dc2158653034c20392d15c5"
              },
              {
                "name": "RHSA-2016:2006",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2006.html"
              },
              {
                "name": "USN-3070-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3070-2"
              },
              {
                "name": "SUSE-SU-2016:2181",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html"
              },
              {
                "name": "SUSE-SU-2016:2178",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html"
              },
              {
                "name": "USN-3071-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3071-1"
              },
              {
                "name": "DSA-3616",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3616"
              },
              {
                "name": "SUSE-SU-2016:2175",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00049.html"
              },
              {
                "name": "USN-3070-4",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3070-4"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
              },
              {
                "name": "SUSE-SU-2016:2177",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/93a2001bdfd5376c3dc2158653034c20392d15c5"
              },
              {
                "name": "SUSE-SU-2016:2179",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html"
              },
              {
                "name": "[oss-security] 20160626 Re: CVE Request: Linux kernel HID: hiddev buffer overflows",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/06/26/2"
              },
              {
                "name": "SUSE-SU-2016:2105",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
              },
              {
                "name": "USN-3072-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3072-2"
              },
              {
                "name": "USN-3072-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3072-1"
              },
              {
                "name": "USN-3071-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3071-2"
              },
              {
                "name": "SUSE-SU-2016:1937",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-3070-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3070-1"
            },
            {
              "name": "SUSE-SU-2016:2180",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
            },
            {
              "name": "SUSE-SU-2016:1985",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
            },
            {
              "name": "openSUSE-SU-2016:2184",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
            },
            {
              "name": "91450",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91450"
            },
            {
              "name": "SUSE-SU-2016:2174",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html"
            },
            {
              "name": "RHSA-2016:2584",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
            },
            {
              "name": "RHSA-2016:2574",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
            },
            {
              "name": "USN-3070-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3070-3"
            },
            {
              "name": "SUSE-SU-2016:2018",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93a2001bdfd5376c3dc2158653034c20392d15c5"
            },
            {
              "name": "RHSA-2016:2006",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2006.html"
            },
            {
              "name": "USN-3070-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3070-2"
            },
            {
              "name": "SUSE-SU-2016:2181",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html"
            },
            {
              "name": "SUSE-SU-2016:2178",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html"
            },
            {
              "name": "USN-3071-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3071-1"
            },
            {
              "name": "DSA-3616",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3616"
            },
            {
              "name": "SUSE-SU-2016:2175",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00049.html"
            },
            {
              "name": "USN-3070-4",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3070-4"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
            },
            {
              "name": "SUSE-SU-2016:2177",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/93a2001bdfd5376c3dc2158653034c20392d15c5"
            },
            {
              "name": "SUSE-SU-2016:2179",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html"
            },
            {
              "name": "[oss-security] 20160626 Re: CVE Request: Linux kernel HID: hiddev buffer overflows",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/06/26/2"
            },
            {
              "name": "SUSE-SU-2016:2105",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
            },
            {
              "name": "USN-3072-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3072-2"
            },
            {
              "name": "USN-3072-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3072-1"
            },
            {
              "name": "USN-3071-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3071-2"
            },
            {
              "name": "SUSE-SU-2016:1937",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-5829",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-3070-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3070-1"
                },
                {
                  "name": "SUSE-SU-2016:2180",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
                },
                {
                  "name": "SUSE-SU-2016:1985",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
                },
                {
                  "name": "openSUSE-SU-2016:2184",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
                },
                {
                  "name": "91450",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/91450"
                },
                {
                  "name": "SUSE-SU-2016:2174",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html"
                },
                {
                  "name": "RHSA-2016:2584",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
                },
                {
                  "name": "RHSA-2016:2574",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
                },
                {
                  "name": "USN-3070-3",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3070-3"
                },
                {
                  "name": "SUSE-SU-2016:2018",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html"
                },
                {
                  "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93a2001bdfd5376c3dc2158653034c20392d15c5",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93a2001bdfd5376c3dc2158653034c20392d15c5"
                },
                {
                  "name": "RHSA-2016:2006",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-2006.html"
                },
                {
                  "name": "USN-3070-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3070-2"
                },
                {
                  "name": "SUSE-SU-2016:2181",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html"
                },
                {
                  "name": "SUSE-SU-2016:2178",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html"
                },
                {
                  "name": "USN-3071-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3071-1"
                },
                {
                  "name": "DSA-3616",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3616"
                },
                {
                  "name": "SUSE-SU-2016:2175",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00049.html"
                },
                {
                  "name": "USN-3070-4",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3070-4"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
                },
                {
                  "name": "SUSE-SU-2016:2177",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/93a2001bdfd5376c3dc2158653034c20392d15c5",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/93a2001bdfd5376c3dc2158653034c20392d15c5"
                },
                {
                  "name": "SUSE-SU-2016:2179",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html"
                },
                {
                  "name": "[oss-security] 20160626 Re: CVE Request: Linux kernel HID: hiddev buffer overflows",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/06/26/2"
                },
                {
                  "name": "SUSE-SU-2016:2105",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
                },
                {
                  "name": "USN-3072-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3072-2"
                },
                {
                  "name": "USN-3072-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3072-1"
                },
                {
                  "name": "USN-3071-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3071-2"
                },
                {
                  "name": "SUSE-SU-2016:1937",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-5829",
        "datePublished": "2016-06-27T10:00:00.000Z",
        "dateReserved": "2016-06-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:15:10.765Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-9904 (GCVE-0-2014-9904)

    Vulnerability from cvelistv5 – Published: 2016-06-27 10:00 – Updated: 2024-08-06 14:02
    VLAI
    Summary
    The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-07-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T14:02:37.888Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "openSUSE-SU-2016:2184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
              },
              {
                "name": "1036189",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036189"
              },
              {
                "name": "91510",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91510"
              },
              {
                "name": "DSA-3616",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3616"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/6217e5ede23285ddfee10d2e4ba0cc2d4c046205"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6217e5ede23285ddfee10d2e4ba0cc2d4c046205"
              },
              {
                "name": "SUSE-SU-2016:2105",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
              },
              {
                "name": "SUSE-SU-2016:1937",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-07-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-31T09:57:01.000Z",
            "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
            "shortName": "google_android"
          },
          "references": [
            {
              "name": "openSUSE-SU-2016:2184",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
            },
            {
              "name": "1036189",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036189"
            },
            {
              "name": "91510",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91510"
            },
            {
              "name": "DSA-3616",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3616"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/6217e5ede23285ddfee10d2e4ba0cc2d4c046205"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6217e5ede23285ddfee10d2e4ba0cc2d4c046205"
            },
            {
              "name": "SUSE-SU-2016:2105",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
            },
            {
              "name": "SUSE-SU-2016:1937",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@android.com",
              "ID": "CVE-2014-9904",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "openSUSE-SU-2016:2184",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
                },
                {
                  "name": "1036189",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036189"
                },
                {
                  "name": "91510",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/91510"
                },
                {
                  "name": "DSA-3616",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3616"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/6217e5ede23285ddfee10d2e4ba0cc2d4c046205",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/6217e5ede23285ddfee10d2e4ba0cc2d4c046205"
                },
                {
                  "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6217e5ede23285ddfee10d2e4ba0cc2d4c046205",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6217e5ede23285ddfee10d2e4ba0cc2d4c046205"
                },
                {
                  "name": "SUSE-SU-2016:2105",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
                },
                {
                  "name": "SUSE-SU-2016:1937",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "assignerShortName": "google_android",
        "cveId": "CVE-2014-9904",
        "datePublished": "2016-06-27T10:00:00.000Z",
        "dateReserved": "2016-06-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T14:02:37.888Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4482 (GCVE-0-2016-4482)

    Vulnerability from cvelistv5 – Published: 2016-05-23 10:00 – Updated: 2024-08-06 00:32
    VLAI
    Summary
    The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/bid/90029 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://bugzilla.redhat.com/show_bug.cgi?id=1332931 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-3017-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3017-3 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3018-2 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3021-2 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3017-2 vendor-advisoryx_refsource_UBUNTU
    http://git.kernel.org/cgit/linux/kernel/git/torva… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-3019-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.debian.org/security/2016/dsa-3607 vendor-advisoryx_refsource_DEBIAN
    http://www.ubuntu.com/usn/USN-3016-2 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3016-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3021-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3018-1 vendor-advisoryx_refsource_UBUNTU
    http://www.openwall.com/lists/oss-security/2016/05/04/2 mailing-listx_refsource_MLIST
    https://github.com/torvalds/linux/commit/681fef83… x_refsource_CONFIRM
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3016-3 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3016-4 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3020-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    Date Public
    2016-05-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:32:25.667Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2016:1690",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
              },
              {
                "name": "90029",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/90029"
              },
              {
                "name": "SUSE-SU-2016:1696",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332931"
              },
              {
                "name": "USN-3017-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3017-1"
              },
              {
                "name": "SUSE-SU-2016:1985",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
              },
              {
                "name": "USN-3017-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3017-3"
              },
              {
                "name": "openSUSE-SU-2016:2184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
              },
              {
                "name": "USN-3018-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3018-2"
              },
              {
                "name": "USN-3021-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3021-2"
              },
              {
                "name": "USN-3017-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3017-2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee"
              },
              {
                "name": "USN-3019-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3019-1"
              },
              {
                "name": "openSUSE-SU-2016:1641",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
              },
              {
                "name": "DSA-3607",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3607"
              },
              {
                "name": "USN-3016-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3016-2"
              },
              {
                "name": "USN-3016-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3016-1"
              },
              {
                "name": "SUSE-SU-2016:1672",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
              },
              {
                "name": "USN-3021-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3021-1"
              },
              {
                "name": "USN-3018-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3018-1"
              },
              {
                "name": "[oss-security] 20160503 CVE Request: information leak in devio of Linux kernel",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/05/04/2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee"
              },
              {
                "name": "FEDORA-2016-4ce97823af",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184414.html"
              },
              {
                "name": "SUSE-SU-2016:2105",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
              },
              {
                "name": "USN-3016-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3016-3"
              },
              {
                "name": "USN-3016-4",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3016-4"
              },
              {
                "name": "USN-3020-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3020-1"
              },
              {
                "name": "SUSE-SU-2016:1937",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-05-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-25T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SU-2016:1690",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
            },
            {
              "name": "90029",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/90029"
            },
            {
              "name": "SUSE-SU-2016:1696",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332931"
            },
            {
              "name": "USN-3017-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3017-1"
            },
            {
              "name": "SUSE-SU-2016:1985",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
            },
            {
              "name": "USN-3017-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3017-3"
            },
            {
              "name": "openSUSE-SU-2016:2184",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
            },
            {
              "name": "USN-3018-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3018-2"
            },
            {
              "name": "USN-3021-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3021-2"
            },
            {
              "name": "USN-3017-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3017-2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee"
            },
            {
              "name": "USN-3019-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3019-1"
            },
            {
              "name": "openSUSE-SU-2016:1641",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
            },
            {
              "name": "DSA-3607",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3607"
            },
            {
              "name": "USN-3016-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3016-2"
            },
            {
              "name": "USN-3016-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3016-1"
            },
            {
              "name": "SUSE-SU-2016:1672",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
            },
            {
              "name": "USN-3021-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3021-1"
            },
            {
              "name": "USN-3018-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3018-1"
            },
            {
              "name": "[oss-security] 20160503 CVE Request: information leak in devio of Linux kernel",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/05/04/2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee"
            },
            {
              "name": "FEDORA-2016-4ce97823af",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184414.html"
            },
            {
              "name": "SUSE-SU-2016:2105",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
            },
            {
              "name": "USN-3016-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3016-3"
            },
            {
              "name": "USN-3016-4",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3016-4"
            },
            {
              "name": "USN-3020-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3020-1"
            },
            {
              "name": "SUSE-SU-2016:1937",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-4482",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2016:1690",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
                },
                {
                  "name": "90029",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/90029"
                },
                {
                  "name": "SUSE-SU-2016:1696",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332931",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332931"
                },
                {
                  "name": "USN-3017-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3017-1"
                },
                {
                  "name": "SUSE-SU-2016:1985",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
                },
                {
                  "name": "USN-3017-3",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3017-3"
                },
                {
                  "name": "openSUSE-SU-2016:2184",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
                },
                {
                  "name": "USN-3018-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3018-2"
                },
                {
                  "name": "USN-3021-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3021-2"
                },
                {
                  "name": "USN-3017-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3017-2"
                },
                {
                  "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee"
                },
                {
                  "name": "USN-3019-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3019-1"
                },
                {
                  "name": "openSUSE-SU-2016:1641",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
                },
                {
                  "name": "DSA-3607",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3607"
                },
                {
                  "name": "USN-3016-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3016-2"
                },
                {
                  "name": "USN-3016-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3016-1"
                },
                {
                  "name": "SUSE-SU-2016:1672",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
                },
                {
                  "name": "USN-3021-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3021-1"
                },
                {
                  "name": "USN-3018-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3018-1"
                },
                {
                  "name": "[oss-security] 20160503 CVE Request: information leak in devio of Linux kernel",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/05/04/2"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee"
                },
                {
                  "name": "FEDORA-2016-4ce97823af",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184414.html"
                },
                {
                  "name": "SUSE-SU-2016:2105",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
                },
                {
                  "name": "USN-3016-3",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3016-3"
                },
                {
                  "name": "USN-3016-4",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3016-4"
                },
                {
                  "name": "USN-3020-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3020-1"
                },
                {
                  "name": "SUSE-SU-2016:1937",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-4482",
        "datePublished": "2016-05-23T10:00:00.000Z",
        "dateReserved": "2016-05-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:32:25.667Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4805 (GCVE-0-2016-4805)

    Vulnerability from cvelistv5 – Published: 2016-05-23 10:00 – Updated: 2024-08-06 00:39
    VLAI
    Summary
    Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-04-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:39:26.273Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2016:1690",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
              },
              {
                "name": "SUSE-SU-2016:1985",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
              },
              {
                "name": "openSUSE-SU-2016:2184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
              },
              {
                "name": "USN-3021-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3021-2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/1f461dcdd296eecedaffffc6bae2bfa90bd7eb89"
              },
              {
                "name": "openSUSE-SU-2016:1641",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
              },
              {
                "name": "DSA-3607",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3607"
              },
              {
                "name": "1036763",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036763"
              },
              {
                "name": "[oss-security] 20160515 Re: CVE Requests: Linux: use-after-free issue for ppp channel",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/05/15/2"
              },
              {
                "name": "SUSE-SU-2016:1672",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
              },
              {
                "name": "USN-3021-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3021-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335803"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
              },
              {
                "name": "SUSE-SU-2016:2105",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
              },
              {
                "name": "90605",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/90605"
              },
              {
                "name": "SUSE-SU-2016:1937",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-12T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SU-2016:1690",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "SUSE-SU-2016:1985",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
            },
            {
              "name": "openSUSE-SU-2016:2184",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
            },
            {
              "name": "USN-3021-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3021-2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/1f461dcdd296eecedaffffc6bae2bfa90bd7eb89"
            },
            {
              "name": "openSUSE-SU-2016:1641",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
            },
            {
              "name": "DSA-3607",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3607"
            },
            {
              "name": "1036763",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036763"
            },
            {
              "name": "[oss-security] 20160515 Re: CVE Requests: Linux: use-after-free issue for ppp channel",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/05/15/2"
            },
            {
              "name": "SUSE-SU-2016:1672",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
            },
            {
              "name": "USN-3021-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3021-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335803"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
            },
            {
              "name": "SUSE-SU-2016:2105",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
            },
            {
              "name": "90605",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/90605"
            },
            {
              "name": "SUSE-SU-2016:1937",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-4805",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2016:1690",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
                },
                {
                  "name": "SUSE-SU-2016:1985",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
                },
                {
                  "name": "openSUSE-SU-2016:2184",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
                },
                {
                  "name": "USN-3021-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3021-2"
                },
                {
                  "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/1f461dcdd296eecedaffffc6bae2bfa90bd7eb89",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/1f461dcdd296eecedaffffc6bae2bfa90bd7eb89"
                },
                {
                  "name": "openSUSE-SU-2016:1641",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
                },
                {
                  "name": "DSA-3607",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3607"
                },
                {
                  "name": "1036763",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036763"
                },
                {
                  "name": "[oss-security] 20160515 Re: CVE Requests: Linux: use-after-free issue for ppp channel",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/05/15/2"
                },
                {
                  "name": "SUSE-SU-2016:1672",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
                },
                {
                  "name": "USN-3021-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3021-1"
                },
                {
                  "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2",
                  "refsource": "CONFIRM",
                  "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1335803",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335803"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
                },
                {
                  "name": "SUSE-SU-2016:2105",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
                },
                {
                  "name": "90605",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/90605"
                },
                {
                  "name": "SUSE-SU-2016:1937",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-4805",
        "datePublished": "2016-05-23T10:00:00.000Z",
        "dateReserved": "2016-05-15T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:39:26.273Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4486 (GCVE-0-2016-4486)

    Vulnerability from cvelistv5 – Published: 2016-05-23 10:00 – Updated: 2024-08-06 00:32
    VLAI
    Summary
    The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3006-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3004-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3001-1 vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.redhat.com/show_bug.cgi?id=1333316 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://github.com/torvalds/linux/commit/5f8e4474… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/90051 vdb-entryx_refsource_BID
    http://www.ubuntu.com/usn/USN-3005-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://www.exploit-db.com/exploits/46006/ exploitx_refsource_EXPLOIT-DB
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2997-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3000-1 vendor-advisoryx_refsource_UBUNTU
    http://www.debian.org/security/2016/dsa-3607 vendor-advisoryx_refsource_DEBIAN
    http://www.ubuntu.com/usn/USN-3002-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2996-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2989-1 vendor-advisoryx_refsource_UBUNTU
    http://git.kernel.org/cgit/linux/kernel/git/torva… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-3007-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.kernel.org/pub/linux/kernel/v4.x/Chang… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-3003-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2998-1 vendor-advisoryx_refsource_UBUNTU
    http://www.openwall.com/lists/oss-security/2016/0… mailing-listx_refsource_MLIST
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    Date Public
    2016-05-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:32:25.246Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2016:1690",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
              },
              {
                "name": "USN-3006-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3006-1"
              },
              {
                "name": "USN-3004-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3004-1"
              },
              {
                "name": "USN-3001-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3001-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333316"
              },
              {
                "name": "SUSE-SU-2016:1696",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/5f8e44741f9f216e33736ea4ec65ca9ac03036e6"
              },
              {
                "name": "90051",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/90051"
              },
              {
                "name": "USN-3005-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3005-1"
              },
              {
                "name": "SUSE-SU-2016:1985",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
              },
              {
                "name": "openSUSE-SU-2016:2184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
              },
              {
                "name": "46006",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/46006/"
              },
              {
                "name": "openSUSE-SU-2016:1641",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
              },
              {
                "name": "USN-2997-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2997-1"
              },
              {
                "name": "USN-3000-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3000-1"
              },
              {
                "name": "DSA-3607",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3607"
              },
              {
                "name": "USN-3002-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3002-1"
              },
              {
                "name": "USN-2996-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2996-1"
              },
              {
                "name": "SUSE-SU-2016:1672",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
              },
              {
                "name": "USN-2989-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2989-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6"
              },
              {
                "name": "USN-3007-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3007-1"
              },
              {
                "name": "SUSE-SU-2016:2074",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"
              },
              {
                "name": "USN-3003-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3003-1"
              },
              {
                "name": "SUSE-SU-2016:2105",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
              },
              {
                "name": "USN-2998-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2998-1"
              },
              {
                "name": "[oss-security] 20160504 CVE Request: kernel information leak vulnerability in rtnetlink",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/05/04/27"
              },
              {
                "name": "SUSE-SU-2016:1937",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-05-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-20T10:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SU-2016:1690",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
            },
            {
              "name": "USN-3006-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3006-1"
            },
            {
              "name": "USN-3004-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3004-1"
            },
            {
              "name": "USN-3001-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3001-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333316"
            },
            {
              "name": "SUSE-SU-2016:1696",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/5f8e44741f9f216e33736ea4ec65ca9ac03036e6"
            },
            {
              "name": "90051",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/90051"
            },
            {
              "name": "USN-3005-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3005-1"
            },
            {
              "name": "SUSE-SU-2016:1985",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
            },
            {
              "name": "openSUSE-SU-2016:2184",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
            },
            {
              "name": "46006",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/46006/"
            },
            {
              "name": "openSUSE-SU-2016:1641",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
            },
            {
              "name": "USN-2997-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2997-1"
            },
            {
              "name": "USN-3000-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3000-1"
            },
            {
              "name": "DSA-3607",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3607"
            },
            {
              "name": "USN-3002-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3002-1"
            },
            {
              "name": "USN-2996-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2996-1"
            },
            {
              "name": "SUSE-SU-2016:1672",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
            },
            {
              "name": "USN-2989-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2989-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6"
            },
            {
              "name": "USN-3007-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3007-1"
            },
            {
              "name": "SUSE-SU-2016:2074",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"
            },
            {
              "name": "USN-3003-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3003-1"
            },
            {
              "name": "SUSE-SU-2016:2105",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
            },
            {
              "name": "USN-2998-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2998-1"
            },
            {
              "name": "[oss-security] 20160504 CVE Request: kernel information leak vulnerability in rtnetlink",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/05/04/27"
            },
            {
              "name": "SUSE-SU-2016:1937",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-4486",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2016:1690",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
                },
                {
                  "name": "USN-3006-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3006-1"
                },
                {
                  "name": "USN-3004-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3004-1"
                },
                {
                  "name": "USN-3001-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3001-1"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1333316",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333316"
                },
                {
                  "name": "SUSE-SU-2016:1696",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/5f8e44741f9f216e33736ea4ec65ca9ac03036e6",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/5f8e44741f9f216e33736ea4ec65ca9ac03036e6"
                },
                {
                  "name": "90051",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/90051"
                },
                {
                  "name": "USN-3005-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3005-1"
                },
                {
                  "name": "SUSE-SU-2016:1985",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
                },
                {
                  "name": "openSUSE-SU-2016:2184",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
                },
                {
                  "name": "46006",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/46006/"
                },
                {
                  "name": "openSUSE-SU-2016:1641",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
                },
                {
                  "name": "USN-2997-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2997-1"
                },
                {
                  "name": "USN-3000-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3000-1"
                },
                {
                  "name": "DSA-3607",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3607"
                },
                {
                  "name": "USN-3002-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3002-1"
                },
                {
                  "name": "USN-2996-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2996-1"
                },
                {
                  "name": "SUSE-SU-2016:1672",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
                },
                {
                  "name": "USN-2989-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2989-1"
                },
                {
                  "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6"
                },
                {
                  "name": "USN-3007-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3007-1"
                },
                {
                  "name": "SUSE-SU-2016:2074",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
                },
                {
                  "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5",
                  "refsource": "CONFIRM",
                  "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"
                },
                {
                  "name": "USN-3003-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3003-1"
                },
                {
                  "name": "SUSE-SU-2016:2105",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
                },
                {
                  "name": "USN-2998-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2998-1"
                },
                {
                  "name": "[oss-security] 20160504 CVE Request: kernel information leak vulnerability in rtnetlink",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/05/04/27"
                },
                {
                  "name": "SUSE-SU-2016:1937",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-4486",
        "datePublished": "2016-05-23T10:00:00.000Z",
        "dateReserved": "2016-05-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:32:25.246Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4569 (GCVE-0-2016-4569)

    Vulnerability from cvelistv5 – Published: 2016-05-23 10:00 – Updated: 2024-08-06 00:32
    VLAI
    Summary
    The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3017-1 vendor-advisoryx_refsource_UBUNTU
    http://git.kernel.org/cgit/linux/kernel/git/torva… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.openwall.com/lists/oss-security/2016/0… mailing-listx_refsource_MLIST
    http://www.ubuntu.com/usn/USN-3017-3 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3018-2 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3021-2 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3017-2 vendor-advisoryx_refsource_UBUNTU
    http://rhn.redhat.com/errata/RHSA-2016-2584.html vendor-advisoryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=1334643 x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-2574.html vendor-advisoryx_refsource_REDHAT
    http://www.ubuntu.com/usn/USN-3019-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://github.com/torvalds/linux/commit/cec8f96e… x_refsource_CONFIRM
    http://www.debian.org/security/2016/dsa-3607 vendor-advisoryx_refsource_DEBIAN
    http://www.ubuntu.com/usn/USN-3016-2 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3016-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3021-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3018-1 vendor-advisoryx_refsource_UBUNTU
    http://www.securityfocus.com/bid/90347 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3016-3 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3016-4 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-3020-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    Date Public
    2016-05-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:32:26.040Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2016:1690",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
              },
              {
                "name": "SUSE-SU-2016:1696",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
              },
              {
                "name": "USN-3017-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3017-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e"
              },
              {
                "name": "SUSE-SU-2016:1985",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
              },
              {
                "name": "[oss-security] 20160509 Re: CVE Request: kernel information leak vulnerability in Linux sound module",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/05/09/17"
              },
              {
                "name": "USN-3017-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3017-3"
              },
              {
                "name": "openSUSE-SU-2016:2184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
              },
              {
                "name": "USN-3018-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3018-2"
              },
              {
                "name": "USN-3021-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3021-2"
              },
              {
                "name": "USN-3017-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3017-2"
              },
              {
                "name": "RHSA-2016:2584",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334643"
              },
              {
                "name": "RHSA-2016:2574",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
              },
              {
                "name": "USN-3019-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3019-1"
              },
              {
                "name": "openSUSE-SU-2016:1641",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/cec8f96e49d9be372fdb0c3836dcf31ec71e457e"
              },
              {
                "name": "DSA-3607",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3607"
              },
              {
                "name": "USN-3016-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3016-2"
              },
              {
                "name": "USN-3016-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3016-1"
              },
              {
                "name": "SUSE-SU-2016:1672",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
              },
              {
                "name": "USN-3021-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3021-1"
              },
              {
                "name": "USN-3018-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3018-1"
              },
              {
                "name": "90347",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/90347"
              },
              {
                "name": "SUSE-SU-2016:2105",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
              },
              {
                "name": "USN-3016-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3016-3"
              },
              {
                "name": "USN-3016-4",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3016-4"
              },
              {
                "name": "USN-3020-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3020-1"
              },
              {
                "name": "SUSE-SU-2016:1937",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-05-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SU-2016:1690",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
            },
            {
              "name": "SUSE-SU-2016:1696",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
            },
            {
              "name": "USN-3017-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3017-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e"
            },
            {
              "name": "SUSE-SU-2016:1985",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
            },
            {
              "name": "[oss-security] 20160509 Re: CVE Request: kernel information leak vulnerability in Linux sound module",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/05/09/17"
            },
            {
              "name": "USN-3017-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3017-3"
            },
            {
              "name": "openSUSE-SU-2016:2184",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
            },
            {
              "name": "USN-3018-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3018-2"
            },
            {
              "name": "USN-3021-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3021-2"
            },
            {
              "name": "USN-3017-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3017-2"
            },
            {
              "name": "RHSA-2016:2584",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334643"
            },
            {
              "name": "RHSA-2016:2574",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
            },
            {
              "name": "USN-3019-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3019-1"
            },
            {
              "name": "openSUSE-SU-2016:1641",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/cec8f96e49d9be372fdb0c3836dcf31ec71e457e"
            },
            {
              "name": "DSA-3607",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3607"
            },
            {
              "name": "USN-3016-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3016-2"
            },
            {
              "name": "USN-3016-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3016-1"
            },
            {
              "name": "SUSE-SU-2016:1672",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
            },
            {
              "name": "USN-3021-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3021-1"
            },
            {
              "name": "USN-3018-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3018-1"
            },
            {
              "name": "90347",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/90347"
            },
            {
              "name": "SUSE-SU-2016:2105",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
            },
            {
              "name": "USN-3016-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3016-3"
            },
            {
              "name": "USN-3016-4",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3016-4"
            },
            {
              "name": "USN-3020-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3020-1"
            },
            {
              "name": "SUSE-SU-2016:1937",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-4569",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2016:1690",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
                },
                {
                  "name": "SUSE-SU-2016:1696",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
                },
                {
                  "name": "USN-3017-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3017-1"
                },
                {
                  "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e"
                },
                {
                  "name": "SUSE-SU-2016:1985",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
                },
                {
                  "name": "[oss-security] 20160509 Re: CVE Request: kernel information leak vulnerability in Linux sound module",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/05/09/17"
                },
                {
                  "name": "USN-3017-3",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3017-3"
                },
                {
                  "name": "openSUSE-SU-2016:2184",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
                },
                {
                  "name": "USN-3018-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3018-2"
                },
                {
                  "name": "USN-3021-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3021-2"
                },
                {
                  "name": "USN-3017-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3017-2"
                },
                {
                  "name": "RHSA-2016:2584",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1334643",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334643"
                },
                {
                  "name": "RHSA-2016:2574",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
                },
                {
                  "name": "USN-3019-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3019-1"
                },
                {
                  "name": "openSUSE-SU-2016:1641",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/cec8f96e49d9be372fdb0c3836dcf31ec71e457e",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/cec8f96e49d9be372fdb0c3836dcf31ec71e457e"
                },
                {
                  "name": "DSA-3607",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3607"
                },
                {
                  "name": "USN-3016-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3016-2"
                },
                {
                  "name": "USN-3016-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3016-1"
                },
                {
                  "name": "SUSE-SU-2016:1672",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
                },
                {
                  "name": "USN-3021-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3021-1"
                },
                {
                  "name": "USN-3018-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3018-1"
                },
                {
                  "name": "90347",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/90347"
                },
                {
                  "name": "SUSE-SU-2016:2105",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
                },
                {
                  "name": "USN-3016-3",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3016-3"
                },
                {
                  "name": "USN-3016-4",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3016-4"
                },
                {
                  "name": "USN-3020-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3020-1"
                },
                {
                  "name": "SUSE-SU-2016:1937",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-4569",
        "datePublished": "2016-05-23T10:00:00.000Z",
        "dateReserved": "2016-05-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:32:26.040Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3140 (GCVE-0-2016-3140)

    Vulnerability from cvelistv5 – Published: 2016-05-02 10:00 – Updated: 2024-08-05 23:47
    VLAI
    Summary
    The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-2971-2 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://www.exploit-db.com/exploits/39537/ exploitx_refsource_EXPLOIT-DB
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2970-1 vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.redhat.com/show_bug.cgi?id=1316995 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2968-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2971-3 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2997-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3000-1 vendor-advisoryx_refsource_UBUNTU
    http://www.debian.org/security/2016/dsa-3607 vendor-advisoryx_refsource_DEBIAN
    http://www.ubuntu.com/usn/USN-2971-1 vendor-advisoryx_refsource_UBUNTU
    https://github.com/torvalds/linux/commit/5a07975a… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2996-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2968-2 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://git.kernel.org/cgit/linux/kernel/git/torva… x_refsource_CONFIRM
    http://www.kernel.org/pub/linux/kernel/v4.x/Chang… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/84304 vdb-entryx_refsource_BID
    http://www.openwall.com/lists/oss-security/2016/03/14/6 mailing-listx_refsource_MLIST
    Date Public
    2016-03-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:47:57.302Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2971-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2971-2"
              },
              {
                "name": "SUSE-SU-2016:1690",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
              },
              {
                "name": "39537",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/39537/"
              },
              {
                "name": "SUSE-SU-2016:1696",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
              },
              {
                "name": "USN-2970-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2970-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316995"
              },
              {
                "name": "USN-2968-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2968-1"
              },
              {
                "name": "USN-2971-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2971-3"
              },
              {
                "name": "USN-2997-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2997-1"
              },
              {
                "name": "SUSE-SU-2016:1764",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
              },
              {
                "name": "USN-3000-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3000-1"
              },
              {
                "name": "DSA-3607",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3607"
              },
              {
                "name": "USN-2971-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2971-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f"
              },
              {
                "name": "SUSE-SU-2016:1707",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
              },
              {
                "name": "USN-2996-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2996-1"
              },
              {
                "name": "SUSE-SU-2016:1672",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
              },
              {
                "name": "USN-2968-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2968-2"
              },
              {
                "name": "openSUSE-SU-2016:1382",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
              },
              {
                "name": "SUSE-SU-2016:2074",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
              },
              {
                "name": "84304",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/84304"
              },
              {
                "name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (digi_acceleport driver)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/03/14/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:57.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "name": "USN-2971-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2971-2"
            },
            {
              "name": "SUSE-SU-2016:1690",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
            },
            {
              "name": "39537",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/39537/"
            },
            {
              "name": "SUSE-SU-2016:1696",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
            },
            {
              "name": "USN-2970-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2970-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316995"
            },
            {
              "name": "USN-2968-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2968-1"
            },
            {
              "name": "USN-2971-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2971-3"
            },
            {
              "name": "USN-2997-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2997-1"
            },
            {
              "name": "SUSE-SU-2016:1764",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
            },
            {
              "name": "USN-3000-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3000-1"
            },
            {
              "name": "DSA-3607",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3607"
            },
            {
              "name": "USN-2971-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2971-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f"
            },
            {
              "name": "SUSE-SU-2016:1707",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
            },
            {
              "name": "USN-2996-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2996-1"
            },
            {
              "name": "SUSE-SU-2016:1672",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
            },
            {
              "name": "USN-2968-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2968-2"
            },
            {
              "name": "openSUSE-SU-2016:1382",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
            },
            {
              "name": "SUSE-SU-2016:2074",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
            },
            {
              "name": "84304",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/84304"
            },
            {
              "name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (digi_acceleport driver)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/03/14/6"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@suse.com",
              "ID": "CVE-2016-3140",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-2971-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2971-2"
                },
                {
                  "name": "SUSE-SU-2016:1690",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
                },
                {
                  "name": "39537",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/39537/"
                },
                {
                  "name": "SUSE-SU-2016:1696",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
                },
                {
                  "name": "USN-2970-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2970-1"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1316995",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316995"
                },
                {
                  "name": "USN-2968-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2968-1"
                },
                {
                  "name": "USN-2971-3",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2971-3"
                },
                {
                  "name": "USN-2997-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2997-1"
                },
                {
                  "name": "SUSE-SU-2016:1764",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
                },
                {
                  "name": "USN-3000-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3000-1"
                },
                {
                  "name": "DSA-3607",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3607"
                },
                {
                  "name": "USN-2971-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2971-1"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f"
                },
                {
                  "name": "SUSE-SU-2016:1707",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
                },
                {
                  "name": "USN-2996-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2996-1"
                },
                {
                  "name": "SUSE-SU-2016:1672",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
                },
                {
                  "name": "USN-2968-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2968-2"
                },
                {
                  "name": "openSUSE-SU-2016:1382",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
                },
                {
                  "name": "SUSE-SU-2016:2074",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
                },
                {
                  "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f"
                },
                {
                  "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1",
                  "refsource": "CONFIRM",
                  "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
                },
                {
                  "name": "84304",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/84304"
                },
                {
                  "name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (digi_acceleport driver)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/03/14/6"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2016-3140",
        "datePublished": "2016-05-02T10:00:00.000Z",
        "dateReserved": "2016-03-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:47:57.302Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }