CVE-2015-8816

Severity

72%

Complexity

39%

Confidentiality

165%

CWE-476: NULL Pointer Dereference

The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.

CWE-476: NULL Pointer Dereference

CVSS 3.0 Base Score 6.8. CVSS Attack Vector: physical. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 7.2. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C).

Overview

Type

Linux

First reported 9 years ago

2016-04-27 17:59:00

Last updated 8 years ago

2016-12-03 03:14:00

Affected Software

Novell SUSE Linux Enterprise Desktop 12.0

12.0

Novell SUSE Linux Enterprise Server 12.0

12.0

Novell SUSE Linux Enterprise Software Development Kit 11.0 Service Pack 4

11.0

Linux Kernel

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5f1cf3fcc093037dd6a8c5684ea

Vendor Advisory

SUSE-SU-2016:1019

SUSE-SU-2016:1672

Third Party Advisory

SUSE-SU-2016:1690

Third Party Advisory

SUSE-SU-2016:1707

Third Party Advisory

SUSE-SU-2016:1764

Third Party Advisory

SUSE-SU-2016:1961

SUSE-SU-2016:1994

SUSE-SU-2016:1995

SUSE-SU-2016:2001

SUSE-SU-2016:2002

SUSE-SU-2016:2005

SUSE-SU-2016:2006

SUSE-SU-2016:2007

SUSE-SU-2016:2009

SUSE-SU-2016:2010

SUSE-SU-2016:2014

SUSE-SU-2016:2074

http://source.android.com/security/bulletin/2016-07-01.html

Third Party Advisory

DSA-3503

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5

Vendor Advisory

[oss-security] 20160223 CVE Request: Linux kernel USB hub invalid memory access in hub_activate()

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

83363

https://bugzilla.redhat.com/show_bug.cgi?id=1311589

Issue Tracking

https://github.com/torvalds/linux/commit/e50293ef9775c5f1cf3fcc093037dd6a8c5684ea

Patch, Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.