Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-2384

Опубликовано: 14 фев. 2016
Источник: redhat
CVSS3: 7
CVSS2: 6.2

Описание

Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.

A flaw was found in the USB-MIDI Linux kernel driver: a double-free error could be triggered for the 'umidi' object. An attacker with physical access to the system could use this flaw to escalate their privileges.

Отчет

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, as the code with the flaw is not present in the products listed. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future updates for the respective releases may address the issue.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise MRG 2realtime-kernelAffected
Red Hat Enterprise Linux 6kernelFixedRHSA-2017:081721.03.2017
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2016:258403.11.2016
Red Hat Enterprise Linux 7kernelFixedRHSA-2016:257403.11.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1308444kernel: double-free in usb-audio triggered by invalid USB descriptor

7 High

CVSS3

6.2 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-2384

CVSS3: 4.6
ubuntu
около 9 лет назад

Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.

nvd логотип

CVE-2016-2384

CVSS3: 4.6
nvd
около 9 лет назад

Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.

debian логотип

CVE-2016-2384

CVSS3: 4.6
debian
около 9 лет назад

Double free vulnerability in the snd_usbmidi_create function in sound/ ...

github логотип

GHSA-7h8g-mrh3-v7rc

CVSS3: 4.6
github
около 3 лет назад

Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.

fstec логотип

BDU:2016-00513

CVSS3: 4.6
fstec
больше 9 лет назад

Уязвимость драйвера USB-MIDI ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

7 High

CVSS3

6.2 Medium

CVSS2