Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-3136

Опубликовано: 09 мар. 2016
Источник: redhat
CVSS2: 4.9
EPSS Низкий

Описание

The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.

Отчет

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelWill not fix
Red Hat Enterprise Linux 7kernel-rtWill not fix
Red Hat Enterprise MRG 2realtime-kernelWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1317007kernel: Crash on invalid USB device descriptors (mct_u232 driver)

EPSS

Процентиль: 42%
0.00202
Низкий

4.9 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-3136

CVSS3: 4.6
ubuntu
почти 10 лет назад

The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.

nvd логотип

CVE-2016-3136

CVSS3: 4.6
nvd
почти 10 лет назад

The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.

debian логотип

CVE-2016-3136

CVSS3: 4.6
debian
почти 10 лет назад

The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in ...

github логотип

GHSA-8w82-whc6-r426

CVSS3: 4.6
github
больше 3 лет назад

The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.

suse-cvrf логотип

openSUSE-SU-2016:1382-1

suse-cvrf
больше 9 лет назад

Security update for the Linux Kernel

EPSS

Процентиль: 42%
0.00202
Низкий

4.9 Medium

CVSS2

Уязвимость CVE-2016-3136