Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-2782

Опубликовано: 12 янв. 2016
Источник: redhat
CVSS2: 4
EPSS Низкий

Описание

The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.

Отчет

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelWill not fix
Red Hat Enterprise Linux 7kernel-rtWill not fix
Red Hat Enterprise MRG 2realtime-kernelWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1312670kernel: visor: crash on invalid USB device descriptors in treo_attach() in visor driver

EPSS

Процентиль: 57%
0.00361
Низкий

4 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-2782

CVSS3: 4.6
ubuntu
около 9 лет назад

The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.

nvd логотип

CVE-2016-2782

CVSS3: 4.6
nvd
около 9 лет назад

The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.

debian логотип

CVE-2016-2782

CVSS3: 4.6
debian
около 9 лет назад

The treo_attach function in drivers/usb/serial/visor.c in the Linux ke ...

github логотип

GHSA-vg8w-f22r-5p2c

CVSS3: 4.6
github
около 3 лет назад

The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.

suse-cvrf логотип

SUSE-SU-2016:1019-1

suse-cvrf
около 9 лет назад

Security update for the Linux Kernel

EPSS

Процентиль: 57%
0.00361
Низкий

4 Medium

CVSS2