Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-3137

Опубликовано: 09 мар. 2016
Источник: redhat
CVSS2: 4.9
EPSS Низкий

Описание

drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.

Отчет

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelWill not fix
Red Hat Enterprise Linux 7kernel-rtWill not fix
Red Hat Enterprise MRG 2realtime-kernelWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1316996kernel: Crash on invalid USB device descriptors (cypress_m8 driver)

EPSS

Процентиль: 5%
0.00021
Низкий

4.9 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-3137

CVSS3: 4.6
ubuntu
почти 10 лет назад

drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.

nvd логотип

CVE-2016-3137

CVSS3: 4.6
nvd
почти 10 лет назад

drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.

debian логотип

CVE-2016-3137

CVSS3: 4.6
debian
почти 10 лет назад

drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allow ...

github логотип

GHSA-mmxf-q66r-jgpq

CVSS3: 4.6
github
больше 3 лет назад

drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.

suse-cvrf логотип

openSUSE-SU-2016:1382-1

suse-cvrf
больше 9 лет назад

Security update for the Linux Kernel

EPSS

Процентиль: 5%
0.00021
Низкий

4.9 Medium

CVSS2