CVE-2016-2184

Severity

49%

Complexity

39%

Confidentiality

115%

CWE-476: NULL Pointer Dereference

The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.

CWE-476: NULL Pointer Dereference

CVSS 3.0 Base Score 4.6. CVSS Attack Vector: physical. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVSS 2.0 Base Score 4.9. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C).

Overview

Type

Linux

First reported 8 years ago

2016-04-27 17:59:00

Last updated 7 years ago

2017-09-08 01:29:00

Affected Software

Linux Kernel

Canonical Ubuntu Linux 12.04 LTS

12.04

Novell SUSE Linux Enterprise Desktop 12.0

12.0

Novell SUSE Linux Enterprise Server 12.0

12.0

Novell SUSE Linux Enterprise Software Development Kit 11.0 Service Pack 4

11.0

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f886ca12765d20124bd06291c82951fd49a33be

Vendor Advisory

openSUSE-SU-2016:1008

SUSE-SU-2016:1019

SUSE-SU-2016:1672

Third Party Advisory

SUSE-SU-2016:1690

Third Party Advisory

SUSE-SU-2016:1707

Third Party Advisory

SUSE-SU-2016:1764

Third Party Advisory

SUSE-SU-2016:2074

20160314 Re: oss-2016-17: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver)

Third Party Advisory, VDB Entry

20160310 oss-2016-16: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (snd-usb-audio driver)

Third Party Advisory, VDB Entry

20160310 oss-2016-17: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver)

Third Party Advisory, VDB Entry

DSA-3607

84340

USN-2968-1

USN-2968-2

USN-2969-1

USN-2970-1

USN-2971-1

USN-2971-2

USN-2971-3

USN-2996-1

Third Party Advisory

USN-2997-1

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1317012

Issue Tracking, Third Party Advisory, VDB Entry

https://github.com/torvalds/linux/commit/0f886ca12765d20124bd06291c82951fd49a33be

Vendor Advisory

https://source.android.com/security/bulletin/2016-11-01.html

39555

https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.