csaf_suse - suse-su-2016:1707-1

suse-su-2016:1707-1

Vulnerability from csaf_suse

Published

2016-06-30 15:03

Modified

2016-06-30 15:03

Summary

Security update for the Linux Kernel

Notes

Title of the patch

Security update for the Linux Kernel

Description of the patch

The SUSE Linux Enterprise 11 SP4 Realtime kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-1339: Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times (bnc#969356). - CVE-2015-7566: The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint (bnc#961512). - CVE-2015-8551: The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allowed local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka 'Linux pciback missing sanity checks (bnc#957990). - CVE-2015-8552: The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allowed local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka 'Linux pciback missing sanity checks (bnc#957990). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bnc#968010). - CVE-2016-2143: The fork implementation in the Linux kernel on s390 platforms mishandles the case of four page-table levels, which allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h (bnc#970504). - CVE-2016-2184: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971125). - CVE-2016-2185: The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971124). - CVE-2016-2186: The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970958). - CVE-2016-2188: The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970956). - CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#968670). - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948). - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions (bnc#970970). - CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor (bnc#970911). - CVE-2016-3139: The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970909). - CVE-2016-3140: The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970892). - CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandles destruction of device objects, which allowed guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses (bnc#971360). The following non-security bugs were fixed: - acpi / pci: Account for ARI in _PRT lookups (bsc#968566). - af_unix: Guard against other == sk in unix_dgram_sendmsg (bsc#973570). - alsa: pcm: Fix potential deadlock in OSS emulation (bsc#968018). - alsa: rawmidi: Fix race at copying & updating the position (bsc#968018). - alsa: rawmidi: Make snd_rawmidi_transmit() race-free (bsc#968018). - alsa: seq: Fix double port list deletion (bsc#968018). - alsa: seq: Fix incorrect sanity check at snd_seq_oss_synth_cleanup() (bsc#968018). - alsa: seq: Fix leak of pool buffer at concurrent writes (bsc#968018). - alsa: seq: Fix lockdep warnings due to double mutex locks (bsc#968018). - alsa: seq: Fix race at closing in virmidi driver (bsc#968018). - alsa: seq: Fix yet another races among ALSA timer accesses (bsc#968018). - alsa: timer: Call notifier in the same spinlock (bsc#973378). - alsa: timer: Code cleanup (bsc#968018). - alsa: timer: Fix leftover link at closing (bsc#968018). - alsa: timer: Fix link corruption due to double start or stop (bsc#968018). - alsa: timer: Fix race between stop and interrupt (bsc#968018). - alsa: timer: Fix wrong instance passed to slave callbacks (bsc#968018). - alsa: timer: Protect the whole snd_timer_close() with open race (bsc#973378). - alsa: timer: Sync timer deletion at closing the system timer (bsc#973378). - alsa: timer: Use mod_timer() for rearming the system timer (bsc#973378). - dcache: use IS_ROOT to decide where dentry is hashed (bsc#949752). - fs, seqfile: always allow oom killer (bnc#968687). - fs/seq_file: fallback to vmalloc allocation (bnc#968687). - fs, seq_file: fallback to vmalloc instead of oom kill processes (bnc#968687). - hpsa: fix issues with multilun devices (bsc#959381). - ibmvscsi: Remove unsupported host config MAD (bsc#973556). - iommu/vt-d: Improve fault handler error messages (bsc#975772). - iommu/vt-d: Ratelimit fault handler (bsc#975772). - ipv6: make fib6 serial number per namespace (bsc#965319). - ipv6: mld: fix add_grhead skb_over_panic for devs with large MTUs (bsc#956852). - ipv6: per netns fib6 walkers (bsc#965319). - ipv6: per netns FIB garbage collection (bsc#965319). - ipv6: replace global gc_args with local variable (bsc#965319). - kabi, fs/seq_file: fallback to vmalloc allocation (bnc#968687). - kabi: Import kabi files from kernel 3.0.101-71 - kabi: protect struct netns_ipv6 after FIB6 GC series (bsc#965319). - kabi: Restore kabi after lock-owner change (bnc#968141). - llist: Add llist_next() (fate#316876). - make vfree() safe to call from interrupt contexts (fate#316876). - mld, igmp: Fix reserved tailroom calculation (bsc#956852). - net/core: dev_mc_sync_multiple calls wrong helper (bsc#971433). - net/core: __hw_addr_create_ex does not initialize sync_cnt (bsc#971433). - net/core: __hw_addr_sync_one / _multiple broken (bsc#971433). - net/core: __hw_addr_unsync_one 'from' address not marked synced (bsc#971433). - nfs4: treat lock owners as opaque values (bnc#968141). - nfsd4: return nfserr_symlink on v4 OPEN of non-regular file (bsc#973237). - nfsd: do not fail unchecked creates of non-special files (bsc#973237). - nfs: use smaller allocations for 'struct idmap' (bsc#965923). - pciback: check PF instead of VF for PCI_COMMAND_MEMORY (bsc#957990). - pciback: Save the number of MSI-X entries to be copied later (bsc#957988). - pci: Move pci_ari_enabled() to global header (bsc#968566). - pci: Update PCI VPD size patch to upstream: - PCI: Determine actual VPD size on first access (bsc#971729). - PCI: Update VPD definitions (bsc#971729). - rdma/ucma: Fix AB-BA deadlock (bsc#963998). - s390/pageattr: Do a single TLB flush for change_page_attr (bsc#940413). - scsi_dh_alua: Do not block request queue if workqueue is active (bsc#960458). - scsi: mpt2sas: Rearrange the the code so that the completion queues are initialized prior to sending the request to controller firmware (bsc#967863). - skb: Add inline helper for getting the skb end offset from head (bsc#956852). - tcp: avoid order-1 allocations on wifi and tx path (bsc#956852). - tcp: fix skb_availroom() (bsc#956852). - usb: usbip: fix potential out-of-bounds write (bnc#975945). - vmxnet3: set carrier state properly on probe (bsc#972363). - vmxnet3: set netdev parant device before calling netdev_info (bsc#972363). - xfrm: do not segment UFO packets (bsc#946122). - xfs: fix sgid inheritance for subdirectories inheriting default acls [V3] (bsc#965860). - xhci: Workaround to get Intel xHCI reset working more reliably (bnc#898592).

Patchnames

slertesp4-kernel-rt-12636

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThe SUSE Linux Enterprise 11 SP4 Realtime kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n- CVE-2015-1339: Memory leak in the cuse_channel_release function in\n  fs/fuse/cuse.c in the Linux kernel allowed local users to cause a denial\n  of service (memory consumption) or possibly have unspecified other impact\n  by opening /dev/cuse many times (bnc#969356).\n- CVE-2015-7566: The clie_5_attach function in drivers/usb/serial/visor.c\n  in the Linux kernel allowed physically proximate attackers to cause\n  a denial of service (NULL pointer dereference and system crash) or\n  possibly have unspecified other impact by inserting a USB device that\n  lacks a bulk-out endpoint (bnc#961512).\n- CVE-2015-8551: The PCI backend driver in Xen, when running on an\n  x86 system and using Linux 3.1.x through 4.3.x as the driver domain,\n  allowed local guest administrators to hit BUG conditions and cause\n  a denial of service (NULL pointer dereference and host OS crash) by\n  leveraging a system with access to a passed-through MSI or MSI-X capable\n  physical PCI device and a crafted sequence of XEN_PCI_OP_* operations,\n  aka \u0027Linux pciback missing sanity checks (bnc#957990).\n- CVE-2015-8552: The PCI backend driver in Xen, when running on an\n  x86 system and using Linux 3.1.x through 4.3.x as the driver domain,\n  allowed local guest administrators to generate a continuous stream\n  of WARN messages and cause a denial of service (disk consumption)\n  by leveraging a system with access to a passed-through MSI or MSI-X\n  capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka\n  \u0027Linux pciback missing sanity checks (bnc#957990).\n- CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in\n  the Linux kernel did not properly maintain a hub-interface data structure,\n  which allowed physically proximate attackers to cause a denial of service\n  (invalid memory access and system crash) or possibly have unspecified\n  other impact by unplugging a USB hub device (bnc#968010).\n- CVE-2016-2143: The fork implementation in the Linux kernel on s390\n  platforms mishandles the case of four page-table levels, which allowed\n  local users to cause a denial of service (system crash) or possibly\n  have unspecified other impact via a crafted application, related to\n  arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h\n  (bnc#970504).\n- CVE-2016-2184: The create_fixed_stream_quirk function in\n  sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel allowed\n  physically proximate attackers to cause a denial of service (NULL pointer\n  dereference or double free, and system crash) via a crafted endpoints\n  value in a USB device descriptor (bnc#971125).\n- CVE-2016-2185: The ati_remote2_probe function in\n  drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically\n  proximate attackers to cause a denial of service (NULL pointer dereference\n  and system crash) via a crafted endpoints value in a USB device descriptor\n  (bnc#971124).\n- CVE-2016-2186: The powermate_probe function in\n  drivers/input/misc/powermate.c in the Linux kernel allowed physically\n  proximate attackers to cause a denial of service (NULL pointer dereference\n  and system crash) via a crafted endpoints value in a USB device descriptor\n  (bnc#970958).\n- CVE-2016-2188: The iowarrior_probe function in\n  drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically\n  proximate attackers to cause a denial of service (NULL pointer dereference\n  and system crash) via a crafted endpoints value in a USB device descriptor\n  (bnc#970956).\n- CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c\n  in the Linux kernel allowed physically proximate attackers to cause a\n  denial of service (NULL pointer dereference and system crash) or possibly\n  have unspecified other impact by inserting a USB device that lacks a\n  (1) bulk-in or (2) interrupt-in endpoint (bnc#968670).\n- CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount\n  of unread data in pipes, which allowed local users to cause a denial of\n  service (memory consumption) by creating many pipes with non-default sizes\n  (bnc#970948).\n- CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel\n  allowed physically proximate attackers to cause a denial of service\n  (NULL pointer dereference and system crash) via a USB device without\n  both an interrupt-in and an interrupt-out endpoint descriptor, related\n  to the cypress_generic_port_probe and cypress_open functions (bnc#970970).\n- CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c\n  in the Linux kernel allowed physically proximate attackers to cause a\n  denial of service (NULL pointer dereference and system crash) via a USB\n  device without both a control and a data endpoint descriptor (bnc#970911).\n- CVE-2016-3139: The wacom_probe function in\n  drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically\n  proximate attackers to cause a denial of service (NULL pointer dereference\n  and system crash) via a crafted endpoints value in a USB device descriptor\n  (bnc#970909).\n- CVE-2016-3140: The digi_port_init function in\n  drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed\n  physically proximate attackers to cause a denial of service (NULL pointer\n  dereference and system crash) via a crafted endpoints value in a USB\n  device descriptor (bnc#970892).\n- CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandles\n  destruction of device objects, which allowed guest OS users to cause a\n  denial of service (host OS networking outage) by arranging for a large\n  number of IP addresses (bnc#971360).\n\nThe following non-security bugs were fixed:\n- acpi / pci: Account for ARI in _PRT lookups (bsc#968566).\n- af_unix: Guard against other == sk in unix_dgram_sendmsg (bsc#973570).\n- alsa: pcm: Fix potential deadlock in OSS emulation (bsc#968018).\n- alsa: rawmidi: Fix race at copying \u0026 updating the position (bsc#968018).\n- alsa: rawmidi: Make snd_rawmidi_transmit() race-free (bsc#968018).\n- alsa: seq: Fix double port list deletion (bsc#968018).\n- alsa: seq: Fix incorrect sanity check at snd_seq_oss_synth_cleanup() (bsc#968018).\n- alsa: seq: Fix leak of pool buffer at concurrent writes (bsc#968018).\n- alsa: seq: Fix lockdep warnings due to double mutex locks (bsc#968018).\n- alsa: seq: Fix race at closing in virmidi driver (bsc#968018).\n- alsa: seq: Fix yet another races among ALSA timer accesses (bsc#968018).\n- alsa: timer: Call notifier in the same spinlock (bsc#973378).\n- alsa: timer: Code cleanup (bsc#968018).\n- alsa: timer: Fix leftover link at closing (bsc#968018).\n- alsa: timer: Fix link corruption due to double start or stop (bsc#968018).\n- alsa: timer: Fix race between stop and interrupt (bsc#968018).\n- alsa: timer: Fix wrong instance passed to slave callbacks (bsc#968018).\n- alsa: timer: Protect the whole snd_timer_close() with open race (bsc#973378).\n- alsa: timer: Sync timer deletion at closing the system timer (bsc#973378).\n- alsa: timer: Use mod_timer() for rearming the system timer (bsc#973378).\n- dcache: use IS_ROOT to decide where dentry is hashed (bsc#949752).\n- fs, seqfile: always allow oom killer (bnc#968687).\n- fs/seq_file: fallback to vmalloc allocation (bnc#968687).\n- fs, seq_file: fallback to vmalloc instead of oom kill processes (bnc#968687).\n- hpsa: fix issues with multilun devices (bsc#959381).\n- ibmvscsi: Remove unsupported host config MAD (bsc#973556).\n- iommu/vt-d: Improve fault handler error messages (bsc#975772).\n- iommu/vt-d: Ratelimit fault handler (bsc#975772).\n- ipv6: make fib6 serial number per namespace (bsc#965319).\n- ipv6: mld: fix add_grhead skb_over_panic for devs with large MTUs (bsc#956852).\n- ipv6: per netns fib6 walkers (bsc#965319).\n- ipv6: per netns FIB garbage collection (bsc#965319).\n- ipv6: replace global gc_args with local variable (bsc#965319).\n- kabi, fs/seq_file: fallback to vmalloc allocation (bnc#968687).\n- kabi: Import kabi files from kernel 3.0.101-71\n- kabi: protect struct netns_ipv6 after FIB6 GC series (bsc#965319).\n- kabi: Restore kabi after lock-owner change (bnc#968141).\n- llist: Add llist_next() (fate#316876).\n- make vfree() safe to call from interrupt contexts (fate#316876).\n- mld, igmp: Fix reserved tailroom calculation (bsc#956852).\n- net/core: dev_mc_sync_multiple calls wrong helper (bsc#971433).\n- net/core: __hw_addr_create_ex does not initialize sync_cnt (bsc#971433).\n- net/core: __hw_addr_sync_one / _multiple broken (bsc#971433).\n- net/core: __hw_addr_unsync_one \u0027from\u0027 address not marked synced (bsc#971433).\n- nfs4: treat lock owners as opaque values (bnc#968141).\n- nfsd4: return nfserr_symlink on v4 OPEN of non-regular file (bsc#973237).\n- nfsd: do not fail unchecked creates of non-special files (bsc#973237).\n- nfs: use smaller allocations for \u0027struct idmap\u0027 (bsc#965923).\n- pciback: check PF instead of VF for PCI_COMMAND_MEMORY (bsc#957990).\n- pciback: Save the number of MSI-X entries to be copied later (bsc#957988).\n- pci: Move pci_ari_enabled() to global header (bsc#968566).\n- pci: Update PCI VPD size patch to upstream: - PCI: Determine actual VPD size on first access (bsc#971729). - PCI: Update VPD definitions (bsc#971729).\n- rdma/ucma: Fix AB-BA deadlock (bsc#963998).\n- s390/pageattr: Do a single TLB flush for change_page_attr (bsc#940413).\n- scsi_dh_alua: Do not block request queue if workqueue is active (bsc#960458).\n- scsi: mpt2sas: Rearrange the the code so that the completion queues are initialized prior to sending the request to controller firmware (bsc#967863).\n- skb: Add inline helper for getting the skb end offset from head (bsc#956852).\n- tcp: avoid order-1 allocations on wifi and tx path (bsc#956852).\n- tcp: fix skb_availroom() (bsc#956852).\n- usb: usbip: fix potential out-of-bounds write (bnc#975945).\n- vmxnet3: set carrier state properly on probe (bsc#972363).\n- vmxnet3: set netdev parant device before calling netdev_info (bsc#972363).\n- xfrm: do not segment UFO packets (bsc#946122).\n- xfs: fix sgid inheritance for subdirectories inheriting default acls [V3] (bsc#965860).\n- xhci: Workaround to get Intel xHCI reset working more reliably (bnc#898592).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "slertesp4-kernel-rt-12636",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_1707-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2016:1707-1",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20161707-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2016:1707-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2016-June/002142.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 898592",
        "url": "https://bugzilla.suse.com/898592"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 940413",
        "url": "https://bugzilla.suse.com/940413"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 946122",
        "url": "https://bugzilla.suse.com/946122"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 949752",
        "url": "https://bugzilla.suse.com/949752"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 956852",
        "url": "https://bugzilla.suse.com/956852"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 957988",
        "url": "https://bugzilla.suse.com/957988"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 957990",
        "url": "https://bugzilla.suse.com/957990"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 959381",
        "url": "https://bugzilla.suse.com/959381"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 960458",
        "url": "https://bugzilla.suse.com/960458"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 961512",
        "url": "https://bugzilla.suse.com/961512"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 963998",
        "url": "https://bugzilla.suse.com/963998"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 965319",
        "url": "https://bugzilla.suse.com/965319"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 965860",
        "url": "https://bugzilla.suse.com/965860"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 965923",
        "url": "https://bugzilla.suse.com/965923"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 967863",
        "url": "https://bugzilla.suse.com/967863"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 968010",
        "url": "https://bugzilla.suse.com/968010"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 968018",
        "url": "https://bugzilla.suse.com/968018"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 968141",
        "url": "https://bugzilla.suse.com/968141"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 968566",
        "url": "https://bugzilla.suse.com/968566"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 968670",
        "url": "https://bugzilla.suse.com/968670"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 968687",
        "url": "https://bugzilla.suse.com/968687"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 969356",
        "url": "https://bugzilla.suse.com/969356"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 970504",
        "url": "https://bugzilla.suse.com/970504"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 970892",
        "url": "https://bugzilla.suse.com/970892"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 970909",
        "url": "https://bugzilla.suse.com/970909"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 970911",
        "url": "https://bugzilla.suse.com/970911"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 970948",
        "url": "https://bugzilla.suse.com/970948"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 970956",
        "url": "https://bugzilla.suse.com/970956"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 970958",
        "url": "https://bugzilla.suse.com/970958"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 970970",
        "url": "https://bugzilla.suse.com/970970"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 971124",
        "url": "https://bugzilla.suse.com/971124"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 971125",
        "url": "https://bugzilla.suse.com/971125"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 971360",
        "url": "https://bugzilla.suse.com/971360"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 971433",
        "url": "https://bugzilla.suse.com/971433"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 971729",
        "url": "https://bugzilla.suse.com/971729"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 972363",
        "url": "https://bugzilla.suse.com/972363"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 973237",
        "url": "https://bugzilla.suse.com/973237"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 973378",
        "url": "https://bugzilla.suse.com/973378"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 973556",
        "url": "https://bugzilla.suse.com/973556"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 973570",
        "url": "https://bugzilla.suse.com/973570"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 975772",
        "url": "https://bugzilla.suse.com/975772"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 975945",
        "url": "https://bugzilla.suse.com/975945"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-1339 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-1339/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-7566 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-7566/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-8551 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-8551/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-8552 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-8552/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-8816 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-8816/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-2143 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-2143/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-2184 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-2184/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-2185 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-2185/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-2186 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-2186/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-2188 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-2188/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-2782 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-2782/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-2847 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-2847/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-3137 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-3137/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-3138 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-3138/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-3139 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-3139/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-3140 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-3140/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-3156 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-3156/"
      }
    ],
    "title": "Security update for the Linux Kernel",
    "tracking": {
      "current_release_date": "2016-06-30T15:03:23Z",
      "generator": {
        "date": "2016-06-30T15:03:23Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2016:1707-1",
      "initial_release_date": "2016-06-30T15:03:23Z",
      "revision_history": [
        {
          "date": "2016-06-30T15:03:23Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-3.0.101.rt130-54.1.x86_64",
                "product": {
                  "name": "kernel-rt-3.0.101.rt130-54.1.x86_64",
                  "product_id": "kernel-rt-3.0.101.rt130-54.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-base-3.0.101.rt130-54.1.x86_64",
                "product": {
                  "name": "kernel-rt-base-3.0.101.rt130-54.1.x86_64",
                  "product_id": "kernel-rt-base-3.0.101.rt130-54.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
                "product": {
                  "name": "kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
                  "product_id": "kernel-rt-devel-3.0.101.rt130-54.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
                "product": {
                  "name": "kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
                  "product_id": "kernel-rt_trace-3.0.101.rt130-54.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
                "product": {
                  "name": "kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
                  "product_id": "kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
                "product": {
                  "name": "kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
                  "product_id": "kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-rt-3.0.101.rt130-54.1.x86_64",
                "product": {
                  "name": "kernel-source-rt-3.0.101.rt130-54.1.x86_64",
                  "product_id": "kernel-source-rt-3.0.101.rt130-54.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-syms-rt-3.0.101.rt130-54.1.x86_64",
                "product": {
                  "name": "kernel-syms-rt-3.0.101.rt130-54.1.x86_64",
                  "product_id": "kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Real Time 11 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Real Time 11 SP4",
                  "product_id": "SUSE Linux Enterprise Real Time 11 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:suse:suse-linux-enterprise-rt:11:sp4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-3.0.101.rt130-54.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4",
          "product_id": "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64"
        },
        "product_reference": "kernel-rt-3.0.101.rt130-54.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-base-3.0.101.rt130-54.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4",
          "product_id": "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64"
        },
        "product_reference": "kernel-rt-base-3.0.101.rt130-54.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-devel-3.0.101.rt130-54.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4",
          "product_id": "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64"
        },
        "product_reference": "kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt_trace-3.0.101.rt130-54.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4",
          "product_id": "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64"
        },
        "product_reference": "kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4",
          "product_id": "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64"
        },
        "product_reference": "kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4",
          "product_id": "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64"
        },
        "product_reference": "kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-rt-3.0.101.rt130-54.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4",
          "product_id": "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64"
        },
        "product_reference": "kernel-source-rt-3.0.101.rt130-54.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-syms-rt-3.0.101.rt130-54.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4",
          "product_id": "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
        },
        "product_reference": "kernel-syms-rt-3.0.101.rt130-54.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-1339",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-1339"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-1339",
          "url": "https://www.suse.com/security/cve/CVE-2015-1339"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 969356 for CVE-2015-1339",
          "url": "https://bugzilla.suse.com/969356"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-06-30T15:03:23Z",
          "details": "low"
        }
      ],
      "title": "CVE-2015-1339"
    },
    {
      "cve": "CVE-2015-7566",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-7566"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-7566",
          "url": "https://www.suse.com/security/cve/CVE-2015-7566"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1020452 for CVE-2015-7566",
          "url": "https://bugzilla.suse.com/1020452"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 961512 for CVE-2015-7566",
          "url": "https://bugzilla.suse.com/961512"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-06-30T15:03:23Z",
          "details": "low"
        }
      ],
      "title": "CVE-2015-7566"
    },
    {
      "cve": "CVE-2015-8551",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-8551"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka \"Linux pciback missing sanity checks.\"",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-8551",
          "url": "https://www.suse.com/security/cve/CVE-2015-8551"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1020452 for CVE-2015-8551",
          "url": "https://bugzilla.suse.com/1020452"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 957990 for CVE-2015-8551",
          "url": "https://bugzilla.suse.com/957990"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-06-30T15:03:23Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-8551"
    },
    {
      "cve": "CVE-2015-8552",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-8552"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka \"Linux pciback missing sanity checks.\"",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-8552",
          "url": "https://www.suse.com/security/cve/CVE-2015-8552"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1020452 for CVE-2015-8552",
          "url": "https://bugzilla.suse.com/1020452"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 957990 for CVE-2015-8552",
          "url": "https://bugzilla.suse.com/957990"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-06-30T15:03:23Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-8552"
    },
    {
      "cve": "CVE-2015-8816",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-8816"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-8816",
          "url": "https://www.suse.com/security/cve/CVE-2015-8816"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1020452 for CVE-2015-8816",
          "url": "https://bugzilla.suse.com/1020452"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 968010 for CVE-2015-8816",
          "url": "https://bugzilla.suse.com/968010"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 979064 for CVE-2015-8816",
          "url": "https://bugzilla.suse.com/979064"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-06-30T15:03:23Z",
          "details": "low"
        }
      ],
      "title": "CVE-2015-8816"
    },
    {
      "cve": "CVE-2016-2143",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-2143"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-2143",
          "url": "https://www.suse.com/security/cve/CVE-2016-2143"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2016-2143",
          "url": "https://bugzilla.suse.com/1115893"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 970504 for CVE-2016-2143",
          "url": "https://bugzilla.suse.com/970504"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 993872 for CVE-2016-2143",
          "url": "https://bugzilla.suse.com/993872"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-06-30T15:03:23Z",
          "details": "important"
        }
      ],
      "title": "CVE-2016-2143"
    },
    {
      "cve": "CVE-2016-2184",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-2184"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-2184",
          "url": "https://www.suse.com/security/cve/CVE-2016-2184"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1020452 for CVE-2016-2184",
          "url": "https://bugzilla.suse.com/1020452"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 971125 for CVE-2016-2184",
          "url": "https://bugzilla.suse.com/971125"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-06-30T15:03:23Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-2184"
    },
    {
      "cve": "CVE-2016-2185",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-2185"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-2185",
          "url": "https://www.suse.com/security/cve/CVE-2016-2185"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1020452 for CVE-2016-2185",
          "url": "https://bugzilla.suse.com/1020452"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 971124 for CVE-2016-2185",
          "url": "https://bugzilla.suse.com/971124"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-06-30T15:03:23Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-2185"
    },
    {
      "cve": "CVE-2016-2186",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-2186"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-2186",
          "url": "https://www.suse.com/security/cve/CVE-2016-2186"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1020452 for CVE-2016-2186",
          "url": "https://bugzilla.suse.com/1020452"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 970958 for CVE-2016-2186",
          "url": "https://bugzilla.suse.com/970958"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-06-30T15:03:23Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-2186"
    },
    {
      "cve": "CVE-2016-2188",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-2188"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-2188",
          "url": "https://www.suse.com/security/cve/CVE-2016-2188"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1020452 for CVE-2016-2188",
          "url": "https://bugzilla.suse.com/1020452"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1067912 for CVE-2016-2188",
          "url": "https://bugzilla.suse.com/1067912"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1132190 for CVE-2016-2188",
          "url": "https://bugzilla.suse.com/1132190"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 970956 for CVE-2016-2188",
          "url": "https://bugzilla.suse.com/970956"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-06-30T15:03:23Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-2188"
    },
    {
      "cve": "CVE-2016-2782",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-2782"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-2782",
          "url": "https://www.suse.com/security/cve/CVE-2016-2782"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1020452 for CVE-2016-2782",
          "url": "https://bugzilla.suse.com/1020452"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 961512 for CVE-2016-2782",
          "url": "https://bugzilla.suse.com/961512"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 968670 for CVE-2016-2782",
          "url": "https://bugzilla.suse.com/968670"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-06-30T15:03:23Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-2782"
    },
    {
      "cve": "CVE-2016-2847",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-2847"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-2847",
          "url": "https://www.suse.com/security/cve/CVE-2016-2847"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1020452 for CVE-2016-2847",
          "url": "https://bugzilla.suse.com/1020452"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 970948 for CVE-2016-2847",
          "url": "https://bugzilla.suse.com/970948"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 974646 for CVE-2016-2847",
          "url": "https://bugzilla.suse.com/974646"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-06-30T15:03:23Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-2847"
    },
    {
      "cve": "CVE-2016-3137",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-3137"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-3137",
          "url": "https://www.suse.com/security/cve/CVE-2016-3137"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1020452 for CVE-2016-3137",
          "url": "https://bugzilla.suse.com/1020452"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 970970 for CVE-2016-3137",
          "url": "https://bugzilla.suse.com/970970"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-06-30T15:03:23Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-3137"
    },
    {
      "cve": "CVE-2016-3138",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-3138"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-3138",
          "url": "https://www.suse.com/security/cve/CVE-2016-3138"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1020452 for CVE-2016-3138",
          "url": "https://bugzilla.suse.com/1020452"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 970911 for CVE-2016-3138",
          "url": "https://bugzilla.suse.com/970911"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 970970 for CVE-2016-3138",
          "url": "https://bugzilla.suse.com/970970"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-06-30T15:03:23Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-3138"
    },
    {
      "cve": "CVE-2016-3139",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-3139"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-3139",
          "url": "https://www.suse.com/security/cve/CVE-2016-3139"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1020452 for CVE-2016-3139",
          "url": "https://bugzilla.suse.com/1020452"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 970909 for CVE-2016-3139",
          "url": "https://bugzilla.suse.com/970909"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-06-30T15:03:23Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-3139"
    },
    {
      "cve": "CVE-2016-3140",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-3140"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-3140",
          "url": "https://www.suse.com/security/cve/CVE-2016-3140"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1020452 for CVE-2016-3140",
          "url": "https://bugzilla.suse.com/1020452"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 970892 for CVE-2016-3140",
          "url": "https://bugzilla.suse.com/970892"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-06-30T15:03:23Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-3140"
    },
    {
      "cve": "CVE-2016-3156",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-3156"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
          "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-3156",
          "url": "https://www.suse.com/security/cve/CVE-2016-3156"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1020452 for CVE-2016-3156",
          "url": "https://bugzilla.suse.com/1020452"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 971360 for CVE-2016-3156",
          "url": "https://bugzilla.suse.com/971360"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-54.1.x86_64",
            "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-54.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-06-30T15:03:23Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-3156"
    }
  ]
}

CVE-2016-2185 (GCVE-0-2016-2185)

Vulnerability from cvelistv5

Published

2016-05-02 10:00

Modified

2024-08-05 23:24

Severity ?

CWE

Summary

The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

References

►

URL

Tags

	http://www.ubuntu.com/usn/USN-2971-2	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/84341	vdb-entry, x_refsource_BID
	https://bugzilla.redhat.com/show_bug.cgi?id=1283363	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=1317014	x_refsource_CONFIRM
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2970-1	vendor-advisory, x_refsource_UBUNTU
	https://bugzilla.redhat.com/show_bug.cgi?id=1283362	x_refsource_CONFIRM
	http://seclists.org/bugtraq/2016/Mar/90	mailing-list, x_refsource_BUGTRAQ
	http://www.ubuntu.com/usn/USN-2969-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2968-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2971-3	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2997-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://www.debian.org/security/2016/dsa-3607	vendor-advisory, x_refsource_DEBIAN
	http://www.ubuntu.com/usn/USN-2971-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2996-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2968-2	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html	vendor-advisory, x_refsource_SUSE
	https://github.com/torvalds/linux/commit/950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d	x_refsource_CONFIRM
	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1	x_refsource_CONFIRM
	http://seclists.org/bugtraq/2016/Mar/116	mailing-list, x_refsource_BUGTRAQ

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:24:48.335Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2971-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2971-2"
          },
          {
            "name": "SUSE-SU-2016:1690",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
          },
          {
            "name": "84341",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/84341"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283363"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317014"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d"
          },
          {
            "name": "SUSE-SU-2016:1696",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
          },
          {
            "name": "USN-2970-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2970-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283362"
          },
          {
            "name": "20160310 oss-2016-18: Multiple Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2016/Mar/90"
          },
          {
            "name": "USN-2969-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2969-1"
          },
          {
            "name": "USN-2968-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2968-1"
          },
          {
            "name": "USN-2971-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2971-3"
          },
          {
            "name": "USN-2997-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2997-1"
          },
          {
            "name": "SUSE-SU-2016:1764",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
          },
          {
            "name": "DSA-3607",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3607"
          },
          {
            "name": "USN-2971-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2971-1"
          },
          {
            "name": "SUSE-SU-2016:1707",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
          },
          {
            "name": "USN-2996-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2996-1"
          },
          {
            "name": "SUSE-SU-2016:1672",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
          },
          {
            "name": "USN-2968-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2968-2"
          },
          {
            "name": "openSUSE-SU-2016:1382",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
          },
          {
            "name": "SUSE-SU-2016:2074",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
          },
          {
            "name": "20160315 Re: oss-2016-18: Multiple Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2016/Mar/116"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-29T16:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-2971-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2971-2"
        },
        {
          "name": "SUSE-SU-2016:1690",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
        },
        {
          "name": "84341",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/84341"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283363"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317014"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d"
        },
        {
          "name": "SUSE-SU-2016:1696",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
        },
        {
          "name": "USN-2970-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2970-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283362"
        },
        {
          "name": "20160310 oss-2016-18: Multiple Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2016/Mar/90"
        },
        {
          "name": "USN-2969-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2969-1"
        },
        {
          "name": "USN-2968-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2968-1"
        },
        {
          "name": "USN-2971-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2971-3"
        },
        {
          "name": "USN-2997-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2997-1"
        },
        {
          "name": "SUSE-SU-2016:1764",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
        },
        {
          "name": "DSA-3607",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3607"
        },
        {
          "name": "USN-2971-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2971-1"
        },
        {
          "name": "SUSE-SU-2016:1707",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
        },
        {
          "name": "USN-2996-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2996-1"
        },
        {
          "name": "SUSE-SU-2016:1672",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
        },
        {
          "name": "USN-2968-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2968-2"
        },
        {
          "name": "openSUSE-SU-2016:1382",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
        },
        {
          "name": "SUSE-SU-2016:2074",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
        },
        {
          "name": "20160315 Re: oss-2016-18: Multiple Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2016/Mar/116"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2185",
    "datePublished": "2016-05-02T10:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:24:48.335Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8552 (GCVE-0-2015-8552)

Vulnerability from cvelistv5

Published

2016-04-13 15:00

Modified

2024-08-06 08:20

Severity ?

CWE

Summary

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks."

References

►

URL

Tags

	http://xenbits.xen.org/xsa/advisory-157.html	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1034480	vdb-entry, x_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/201604-03	vendor-advisory, x_refsource_GENTOO
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html	vendor-advisory, x_refsource_SUSE
	http://www.debian.org/security/2016/dsa-3434	vendor-advisory, x_refsource_DEBIAN
	http://www.securityfocus.com/bid/79546	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:20:43.208Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-157.html"
          },
          {
            "name": "1034480",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034480"
          },
          {
            "name": "openSUSE-SU-2016:2184",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
          },
          {
            "name": "SUSE-SU-2016:1764",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
          },
          {
            "name": "SUSE-SU-2016:1102",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html"
          },
          {
            "name": "SUSE-SU-2016:1707",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
          },
          {
            "name": "GLSA-201604-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201604-03"
          },
          {
            "name": "SUSE-SU-2016:2105",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
          },
          {
            "name": "DSA-3434",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3434"
          },
          {
            "name": "79546",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/79546"
          },
          {
            "name": "SUSE-SU-2016:1937",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
          },
          {
            "name": "SUSE-SU-2016:0911",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka \"Linux pciback missing sanity checks.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://xenbits.xen.org/xsa/advisory-157.html"
        },
        {
          "name": "1034480",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034480"
        },
        {
          "name": "openSUSE-SU-2016:2184",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
        },
        {
          "name": "SUSE-SU-2016:1764",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
        },
        {
          "name": "SUSE-SU-2016:1102",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html"
        },
        {
          "name": "SUSE-SU-2016:1707",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
        },
        {
          "name": "GLSA-201604-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201604-03"
        },
        {
          "name": "SUSE-SU-2016:2105",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
        },
        {
          "name": "DSA-3434",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3434"
        },
        {
          "name": "79546",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/79546"
        },
        {
          "name": "SUSE-SU-2016:1937",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
        },
        {
          "name": "SUSE-SU-2016:0911",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8552",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka \"Linux pciback missing sanity checks.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://xenbits.xen.org/xsa/advisory-157.html",
              "refsource": "CONFIRM",
              "url": "http://xenbits.xen.org/xsa/advisory-157.html"
            },
            {
              "name": "1034480",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034480"
            },
            {
              "name": "openSUSE-SU-2016:2184",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
            },
            {
              "name": "SUSE-SU-2016:1764",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
            },
            {
              "name": "SUSE-SU-2016:1102",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html"
            },
            {
              "name": "SUSE-SU-2016:1707",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
            },
            {
              "name": "GLSA-201604-03",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201604-03"
            },
            {
              "name": "SUSE-SU-2016:2105",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
            },
            {
              "name": "DSA-3434",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3434"
            },
            {
              "name": "79546",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/79546"
            },
            {
              "name": "SUSE-SU-2016:1937",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
            },
            {
              "name": "SUSE-SU-2016:0911",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8552",
    "datePublished": "2016-04-13T15:00:00",
    "dateReserved": "2015-12-14T00:00:00",
    "dateUpdated": "2024-08-06T08:20:43.208Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-2188 (GCVE-0-2016-2188)

Vulnerability from cvelistv5

Published

2016-05-02 10:00

Modified

2024-08-05 23:24

Severity ?

CWE

Summary

The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

References

►

URL

Tags

	http://www.ubuntu.com/usn/USN-2971-2	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html	vendor-advisory, x_refsource_SUSE
	https://www.exploit-db.com/exploits/39556/	exploit, x_refsource_EXPLOIT-DB
	http://seclists.org/bugtraq/2016/Mar/87	mailing-list, x_refsource_BUGTRAQ
	https://github.com/torvalds/linux/commit/4ec0ef3a82125efc36173062a50624550a900ae0	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2970-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2969-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2968-1	vendor-advisory, x_refsource_UBUNTU
	https://bugzilla.redhat.com/show_bug.cgi?id=1317018	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2971-3	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2997-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2971-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2996-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2968-2	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html	vendor-advisory, x_refsource_SUSE
	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1	x_refsource_CONFIRM
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ec0ef3a82125efc36173062a50624550a900ae0	x_refsource_CONFIRM
	http://seclists.org/bugtraq/2016/Mar/118	mailing-list, x_refsource_BUGTRAQ

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:24:48.299Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2971-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2971-2"
          },
          {
            "name": "SUSE-SU-2016:1690",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
          },
          {
            "name": "39556",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/39556/"
          },
          {
            "name": "20160310 oss-2016-15: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2016/Mar/87"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/4ec0ef3a82125efc36173062a50624550a900ae0"
          },
          {
            "name": "SUSE-SU-2016:1696",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
          },
          {
            "name": "USN-2970-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2970-1"
          },
          {
            "name": "USN-2969-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2969-1"
          },
          {
            "name": "USN-2968-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2968-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317018"
          },
          {
            "name": "USN-2971-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2971-3"
          },
          {
            "name": "USN-2997-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2997-1"
          },
          {
            "name": "SUSE-SU-2016:1764",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
          },
          {
            "name": "USN-2971-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2971-1"
          },
          {
            "name": "SUSE-SU-2016:1707",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
          },
          {
            "name": "USN-2996-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2996-1"
          },
          {
            "name": "SUSE-SU-2016:1672",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
          },
          {
            "name": "USN-2968-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2968-2"
          },
          {
            "name": "openSUSE-SU-2016:1382",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
          },
          {
            "name": "SUSE-SU-2016:2074",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ec0ef3a82125efc36173062a50624550a900ae0"
          },
          {
            "name": "20160315 Re: oss-2016-15: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2016/Mar/118"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-2971-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2971-2"
        },
        {
          "name": "SUSE-SU-2016:1690",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
        },
        {
          "name": "39556",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/39556/"
        },
        {
          "name": "20160310 oss-2016-15: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2016/Mar/87"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/4ec0ef3a82125efc36173062a50624550a900ae0"
        },
        {
          "name": "SUSE-SU-2016:1696",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
        },
        {
          "name": "USN-2970-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2970-1"
        },
        {
          "name": "USN-2969-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2969-1"
        },
        {
          "name": "USN-2968-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2968-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317018"
        },
        {
          "name": "USN-2971-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2971-3"
        },
        {
          "name": "USN-2997-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2997-1"
        },
        {
          "name": "SUSE-SU-2016:1764",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
        },
        {
          "name": "USN-2971-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2971-1"
        },
        {
          "name": "SUSE-SU-2016:1707",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
        },
        {
          "name": "USN-2996-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2996-1"
        },
        {
          "name": "SUSE-SU-2016:1672",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
        },
        {
          "name": "USN-2968-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2968-2"
        },
        {
          "name": "openSUSE-SU-2016:1382",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
        },
        {
          "name": "SUSE-SU-2016:2074",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ec0ef3a82125efc36173062a50624550a900ae0"
        },
        {
          "name": "20160315 Re: oss-2016-15: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2016/Mar/118"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2188",
    "datePublished": "2016-05-02T10:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:24:48.299Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-3138 (GCVE-0-2016-3138)

Vulnerability from cvelistv5

Published

2016-05-02 10:00

Modified

2024-08-05 23:47

Severity ?

CWE

Summary

The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.

References

►

URL

Tags

	http://www.ubuntu.com/usn/USN-2971-2	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2970-1	vendor-advisory, x_refsource_UBUNTU
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8835ba4a39cf53f705417b3b3a94eb067673f2c9	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2969-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2968-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2971-3	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2997-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://www.debian.org/security/2016/dsa-3607	vendor-advisory, x_refsource_DEBIAN
	http://www.ubuntu.com/usn/USN-2971-1	vendor-advisory, x_refsource_UBUNTU
	http://www.openwall.com/lists/oss-security/2016/03/14/4	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2996-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2968-2	vendor-advisory, x_refsource_UBUNTU
	https://bugzilla.redhat.com/show_bug.cgi?id=1316204	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html	vendor-advisory, x_refsource_SUSE
	https://github.com/torvalds/linux/commit/8835ba4a39cf53f705417b3b3a94eb067673f2c9	x_refsource_CONFIRM
	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:47:57.268Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2971-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2971-2"
          },
          {
            "name": "SUSE-SU-2016:1690",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
          },
          {
            "name": "SUSE-SU-2016:1696",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
          },
          {
            "name": "USN-2970-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2970-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8835ba4a39cf53f705417b3b3a94eb067673f2c9"
          },
          {
            "name": "USN-2969-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2969-1"
          },
          {
            "name": "USN-2968-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2968-1"
          },
          {
            "name": "USN-2971-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2971-3"
          },
          {
            "name": "USN-2997-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2997-1"
          },
          {
            "name": "SUSE-SU-2016:1764",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
          },
          {
            "name": "DSA-3607",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3607"
          },
          {
            "name": "USN-2971-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2971-1"
          },
          {
            "name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cdc_acm driver)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/03/14/4"
          },
          {
            "name": "SUSE-SU-2016:1707",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
          },
          {
            "name": "USN-2996-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2996-1"
          },
          {
            "name": "SUSE-SU-2016:1672",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
          },
          {
            "name": "USN-2968-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2968-2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316204"
          },
          {
            "name": "openSUSE-SU-2016:1382",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
          },
          {
            "name": "SUSE-SU-2016:2074",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/8835ba4a39cf53f705417b3b3a94eb067673f2c9"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-06T16:15:49",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "microfocus"
      },
      "references": [
        {
          "name": "USN-2971-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2971-2"
        },
        {
          "name": "SUSE-SU-2016:1690",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
        },
        {
          "name": "SUSE-SU-2016:1696",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
        },
        {
          "name": "USN-2970-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2970-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8835ba4a39cf53f705417b3b3a94eb067673f2c9"
        },
        {
          "name": "USN-2969-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2969-1"
        },
        {
          "name": "USN-2968-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2968-1"
        },
        {
          "name": "USN-2971-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2971-3"
        },
        {
          "name": "USN-2997-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2997-1"
        },
        {
          "name": "SUSE-SU-2016:1764",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
        },
        {
          "name": "DSA-3607",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3607"
        },
        {
          "name": "USN-2971-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2971-1"
        },
        {
          "name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cdc_acm driver)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/03/14/4"
        },
        {
          "name": "SUSE-SU-2016:1707",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
        },
        {
          "name": "USN-2996-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2996-1"
        },
        {
          "name": "SUSE-SU-2016:1672",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
        },
        {
          "name": "USN-2968-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2968-2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316204"
        },
        {
          "name": "openSUSE-SU-2016:1382",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
        },
        {
          "name": "SUSE-SU-2016:2074",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/8835ba4a39cf53f705417b3b3a94eb067673f2c9"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@microfocus.com",
          "ID": "CVE-2016-3138",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-2971-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2971-2"
            },
            {
              "name": "SUSE-SU-2016:1690",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
            },
            {
              "name": "SUSE-SU-2016:1696",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
            },
            {
              "name": "USN-2970-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2970-1"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8835ba4a39cf53f705417b3b3a94eb067673f2c9",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8835ba4a39cf53f705417b3b3a94eb067673f2c9"
            },
            {
              "name": "USN-2969-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2969-1"
            },
            {
              "name": "USN-2968-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2968-1"
            },
            {
              "name": "USN-2971-3",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2971-3"
            },
            {
              "name": "USN-2997-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2997-1"
            },
            {
              "name": "SUSE-SU-2016:1764",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
            },
            {
              "name": "DSA-3607",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3607"
            },
            {
              "name": "USN-2971-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2971-1"
            },
            {
              "name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cdc_acm driver)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/03/14/4"
            },
            {
              "name": "SUSE-SU-2016:1707",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
            },
            {
              "name": "USN-2996-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2996-1"
            },
            {
              "name": "SUSE-SU-2016:1672",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
            },
            {
              "name": "USN-2968-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2968-2"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1316204",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316204"
            },
            {
              "name": "openSUSE-SU-2016:1382",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
            },
            {
              "name": "SUSE-SU-2016:2074",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/8835ba4a39cf53f705417b3b3a94eb067673f2c9",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/8835ba4a39cf53f705417b3b3a94eb067673f2c9"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "microfocus",
    "cveId": "CVE-2016-3138",
    "datePublished": "2016-05-02T10:00:00",
    "dateReserved": "2016-03-13T00:00:00",
    "dateUpdated": "2024-08-05T23:47:57.268Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-2847 (GCVE-0-2016-2847)

Vulnerability from cvelistv5

Published

2016-04-27 17:00

Modified

2024-08-05 23:32

Severity ?

CWE

Summary

fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.

References

►

URL

Tags

	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html	vendor-advisory, x_refsource_SUSE
	https://bugzilla.redhat.com/show_bug.cgi?id=1313428	x_refsource_CONFIRM
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=759c01142a5d0f364a462346168a56de28a80f52	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2967-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2949-1	vendor-advisory, x_refsource_UBUNTU
	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/83870	vdb-entry, x_refsource_BID
	http://www.debian.org/security/2016/dsa-3503	vendor-advisory, x_refsource_DEBIAN
	http://www.ubuntu.com/usn/USN-2947-3	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2967-2	vendor-advisory, x_refsource_UBUNTU
	http://www.openwall.com/lists/oss-security/2016/03/01/3	mailing-list, x_refsource_MLIST
	http://rhn.redhat.com/errata/RHSA-2016-2584.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2016-2574.html	vendor-advisory, x_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-2947-2	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2947-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html	vendor-advisory, x_refsource_SUSE
	https://github.com/torvalds/linux/commit/759c01142a5d0f364a462346168a56de28a80f52	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2946-2	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2017-0217.html	vendor-advisory, x_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-2948-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2946-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2948-2	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:32:21.204Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2016:1690",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1313428"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=759c01142a5d0f364a462346168a56de28a80f52"
          },
          {
            "name": "USN-2967-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2967-1"
          },
          {
            "name": "SUSE-SU-2016:1696",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
          },
          {
            "name": "USN-2949-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2949-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "83870",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/83870"
          },
          {
            "name": "DSA-3503",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3503"
          },
          {
            "name": "USN-2947-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2947-3"
          },
          {
            "name": "USN-2967-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2967-2"
          },
          {
            "name": "[oss-security] 20160301 CVE request -- linux kernel: pipe: limit the per-user amount of pages allocated in pipes",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/03/01/3"
          },
          {
            "name": "RHSA-2016:2584",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
          },
          {
            "name": "RHSA-2016:2574",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
          },
          {
            "name": "USN-2947-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2947-2"
          },
          {
            "name": "USN-2947-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2947-1"
          },
          {
            "name": "SUSE-SU-2016:1707",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
          },
          {
            "name": "SUSE-SU-2016:1672",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/759c01142a5d0f364a462346168a56de28a80f52"
          },
          {
            "name": "USN-2946-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2946-2"
          },
          {
            "name": "openSUSE-SU-2016:1382",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
          },
          {
            "name": "SUSE-SU-2016:2074",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
          },
          {
            "name": "RHSA-2017:0217",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0217.html"
          },
          {
            "name": "USN-2948-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2948-1"
          },
          {
            "name": "USN-2946-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2946-1"
          },
          {
            "name": "USN-2948-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2948-2"
          },
          {
            "name": "SUSE-SU-2016:1937",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SUSE-SU-2016:1690",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1313428"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=759c01142a5d0f364a462346168a56de28a80f52"
        },
        {
          "name": "USN-2967-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2967-1"
        },
        {
          "name": "SUSE-SU-2016:1696",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
        },
        {
          "name": "USN-2949-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2949-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "83870",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/83870"
        },
        {
          "name": "DSA-3503",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3503"
        },
        {
          "name": "USN-2947-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2947-3"
        },
        {
          "name": "USN-2967-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2967-2"
        },
        {
          "name": "[oss-security] 20160301 CVE request -- linux kernel: pipe: limit the per-user amount of pages allocated in pipes",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/03/01/3"
        },
        {
          "name": "RHSA-2016:2584",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
        },
        {
          "name": "RHSA-2016:2574",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
        },
        {
          "name": "USN-2947-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2947-2"
        },
        {
          "name": "USN-2947-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2947-1"
        },
        {
          "name": "SUSE-SU-2016:1707",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
        },
        {
          "name": "SUSE-SU-2016:1672",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/759c01142a5d0f364a462346168a56de28a80f52"
        },
        {
          "name": "USN-2946-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2946-2"
        },
        {
          "name": "openSUSE-SU-2016:1382",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
        },
        {
          "name": "SUSE-SU-2016:2074",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
        },
        {
          "name": "RHSA-2017:0217",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0217.html"
        },
        {
          "name": "USN-2948-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2948-1"
        },
        {
          "name": "USN-2946-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2946-1"
        },
        {
          "name": "USN-2948-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2948-2"
        },
        {
          "name": "SUSE-SU-2016:1937",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2847",
    "datePublished": "2016-04-27T17:00:00",
    "dateReserved": "2016-03-06T00:00:00",
    "dateUpdated": "2024-08-05T23:32:21.204Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-3140 (GCVE-0-2016-3140)

Vulnerability from cvelistv5

Published

2016-05-02 10:00

Modified

2024-08-05 23:47

Severity ?

CWE

Summary

The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

References

►

URL

Tags

	http://www.ubuntu.com/usn/USN-2971-2	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html	vendor-advisory, x_refsource_SUSE
	https://www.exploit-db.com/exploits/39537/	exploit, x_refsource_EXPLOIT-DB
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2970-1	vendor-advisory, x_refsource_UBUNTU
	https://bugzilla.redhat.com/show_bug.cgi?id=1316995	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2968-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2971-3	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2997-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3000-1	vendor-advisory, x_refsource_UBUNTU
	http://www.debian.org/security/2016/dsa-3607	vendor-advisory, x_refsource_DEBIAN
	http://www.ubuntu.com/usn/USN-2971-1	vendor-advisory, x_refsource_UBUNTU
	https://github.com/torvalds/linux/commit/5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2996-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2968-2	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html	vendor-advisory, x_refsource_SUSE
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f	x_refsource_CONFIRM
	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/84304	vdb-entry, x_refsource_BID
	http://www.openwall.com/lists/oss-security/2016/03/14/6	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:47:57.302Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2971-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2971-2"
          },
          {
            "name": "SUSE-SU-2016:1690",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
          },
          {
            "name": "39537",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/39537/"
          },
          {
            "name": "SUSE-SU-2016:1696",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
          },
          {
            "name": "USN-2970-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2970-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316995"
          },
          {
            "name": "USN-2968-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2968-1"
          },
          {
            "name": "USN-2971-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2971-3"
          },
          {
            "name": "USN-2997-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2997-1"
          },
          {
            "name": "SUSE-SU-2016:1764",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
          },
          {
            "name": "USN-3000-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3000-1"
          },
          {
            "name": "DSA-3607",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3607"
          },
          {
            "name": "USN-2971-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2971-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f"
          },
          {
            "name": "SUSE-SU-2016:1707",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
          },
          {
            "name": "USN-2996-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2996-1"
          },
          {
            "name": "SUSE-SU-2016:1672",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
          },
          {
            "name": "USN-2968-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2968-2"
          },
          {
            "name": "openSUSE-SU-2016:1382",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
          },
          {
            "name": "SUSE-SU-2016:2074",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
          },
          {
            "name": "84304",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/84304"
          },
          {
            "name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (digi_acceleport driver)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/03/14/6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-06T16:15:57",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "microfocus"
      },
      "references": [
        {
          "name": "USN-2971-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2971-2"
        },
        {
          "name": "SUSE-SU-2016:1690",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
        },
        {
          "name": "39537",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/39537/"
        },
        {
          "name": "SUSE-SU-2016:1696",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
        },
        {
          "name": "USN-2970-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2970-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316995"
        },
        {
          "name": "USN-2968-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2968-1"
        },
        {
          "name": "USN-2971-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2971-3"
        },
        {
          "name": "USN-2997-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2997-1"
        },
        {
          "name": "SUSE-SU-2016:1764",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
        },
        {
          "name": "USN-3000-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3000-1"
        },
        {
          "name": "DSA-3607",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3607"
        },
        {
          "name": "USN-2971-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2971-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f"
        },
        {
          "name": "SUSE-SU-2016:1707",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
        },
        {
          "name": "USN-2996-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2996-1"
        },
        {
          "name": "SUSE-SU-2016:1672",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
        },
        {
          "name": "USN-2968-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2968-2"
        },
        {
          "name": "openSUSE-SU-2016:1382",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
        },
        {
          "name": "SUSE-SU-2016:2074",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
        },
        {
          "name": "84304",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/84304"
        },
        {
          "name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (digi_acceleport driver)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/03/14/6"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@suse.com",
          "ID": "CVE-2016-3140",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-2971-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2971-2"
            },
            {
              "name": "SUSE-SU-2016:1690",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
            },
            {
              "name": "39537",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/39537/"
            },
            {
              "name": "SUSE-SU-2016:1696",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
            },
            {
              "name": "USN-2970-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2970-1"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1316995",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316995"
            },
            {
              "name": "USN-2968-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2968-1"
            },
            {
              "name": "USN-2971-3",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2971-3"
            },
            {
              "name": "USN-2997-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2997-1"
            },
            {
              "name": "SUSE-SU-2016:1764",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
            },
            {
              "name": "USN-3000-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3000-1"
            },
            {
              "name": "DSA-3607",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3607"
            },
            {
              "name": "USN-2971-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2971-1"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f"
            },
            {
              "name": "SUSE-SU-2016:1707",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
            },
            {
              "name": "USN-2996-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2996-1"
            },
            {
              "name": "SUSE-SU-2016:1672",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
            },
            {
              "name": "USN-2968-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2968-2"
            },
            {
              "name": "openSUSE-SU-2016:1382",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
            },
            {
              "name": "SUSE-SU-2016:2074",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
            },
            {
              "name": "84304",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/84304"
            },
            {
              "name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (digi_acceleport driver)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/03/14/6"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "microfocus",
    "cveId": "CVE-2016-3140",
    "datePublished": "2016-05-02T10:00:00",
    "dateReserved": "2016-03-13T00:00:00",
    "dateUpdated": "2024-08-05T23:47:57.302Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-3139 (GCVE-0-2016-3139)

Vulnerability from cvelistv5

Published

2016-04-27 17:00

Modified

2024-08-05 23:47

Severity ?

CWE

Summary

The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

References

►

URL

Tags

	https://www.exploit-db.com/exploits/39538/	exploit, x_refsource_EXPLOIT-DB
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html	vendor-advisory, x_refsource_SUSE
	https://bugzilla.redhat.com/show_bug.cgi?id=1316993	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=1283377	x_refsource_CONFIRM
	https://security-tracker.debian.org/tracker/CVE-2016-3139	x_refsource_CONFIRM
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=471d17148c8b4174ac5f5283a73316d12c4379bc	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html	vendor-advisory, x_refsource_SUSE
	https://github.com/torvalds/linux/commit/471d17148c8b4174ac5f5283a73316d12c4379bc	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=1283375	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:47:57.311Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "39538",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/39538/"
          },
          {
            "name": "SUSE-SU-2016:1690",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316993"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283377"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2016-3139"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=471d17148c8b4174ac5f5283a73316d12c4379bc"
          },
          {
            "name": "SUSE-SU-2016:1764",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/471d17148c8b4174ac5f5283a73316d12c4379bc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283375"
          },
          {
            "name": "SUSE-SU-2016:1707",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
          },
          {
            "name": "SUSE-SU-2016:1672",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
          },
          {
            "name": "SUSE-SU-2016:1019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
          },
          {
            "name": "SUSE-SU-2016:2074",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-06T16:16:07",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "microfocus"
      },
      "references": [
        {
          "name": "39538",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/39538/"
        },
        {
          "name": "SUSE-SU-2016:1690",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316993"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283377"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2016-3139"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=471d17148c8b4174ac5f5283a73316d12c4379bc"
        },
        {
          "name": "SUSE-SU-2016:1764",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/471d17148c8b4174ac5f5283a73316d12c4379bc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283375"
        },
        {
          "name": "SUSE-SU-2016:1707",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
        },
        {
          "name": "SUSE-SU-2016:1672",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
        },
        {
          "name": "SUSE-SU-2016:1019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
        },
        {
          "name": "SUSE-SU-2016:2074",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@microfocus.com",
          "ID": "CVE-2016-3139",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "39538",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/39538/"
            },
            {
              "name": "SUSE-SU-2016:1690",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1316993",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316993"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1283377",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283377"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2016-3139",
              "refsource": "CONFIRM",
              "url": "https://security-tracker.debian.org/tracker/CVE-2016-3139"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=471d17148c8b4174ac5f5283a73316d12c4379bc",
              "refsource": "MISC",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=471d17148c8b4174ac5f5283a73316d12c4379bc"
            },
            {
              "name": "SUSE-SU-2016:1764",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/471d17148c8b4174ac5f5283a73316d12c4379bc",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/471d17148c8b4174ac5f5283a73316d12c4379bc"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1283375",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283375"
            },
            {
              "name": "SUSE-SU-2016:1707",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
            },
            {
              "name": "SUSE-SU-2016:1672",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
            },
            {
              "name": "SUSE-SU-2016:1019",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
            },
            {
              "name": "SUSE-SU-2016:2074",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "microfocus",
    "cveId": "CVE-2016-3139",
    "datePublished": "2016-04-27T17:00:00",
    "dateReserved": "2016-03-13T00:00:00",
    "dateUpdated": "2024-08-05T23:47:57.311Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-7566 (GCVE-0-2015-7566)

Vulnerability from cvelistv5

Published

2016-02-08 02:00

Modified

2024-08-06 07:51

Severity ?

CWE

Summary

The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.

References

►

URL

Tags

	http://www.ubuntu.com/usn/USN-2930-1	vendor-advisory, x_refsource_UBUNTU
	https://security-tracker.debian.org/tracker/CVE-2015-7566	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/82975	vdb-entry, x_refsource_BID
	http://www.ubuntu.com/usn/USN-2967-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175792.html	vendor-advisory, x_refsource_FEDORA
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb3232138e37129e88240a98a1d2aba2187ff57c	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2930-2	vendor-advisory, x_refsource_UBUNTU
	https://bugzilla.redhat.com/show_bug.cgi?id=1283371	x_refsource_CONFIRM
	http://www.debian.org/security/2016/dsa-3503	vendor-advisory, x_refsource_DEBIAN
	http://www.ubuntu.com/usn/USN-2967-2	vendor-advisory, x_refsource_UBUNTU
	http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176194.html	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2930-3	vendor-advisory, x_refsource_UBUNTU
	https://bugzilla.redhat.com/show_bug.cgi?id=1296466	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/537733/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2929-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2932-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2948-1	vendor-advisory, x_refsource_UBUNTU
	http://www.debian.org/security/2016/dsa-3448	vendor-advisory, x_refsource_DEBIAN
	http://www.ubuntu.com/usn/USN-2929-2	vendor-advisory, x_refsource_UBUNTU
	https://www.exploit-db.com/exploits/39540/	exploit, x_refsource_EXPLOIT-DB
	http://www.ubuntu.com/usn/USN-2948-2	vendor-advisory, x_refsource_UBUNTU
	https://github.com/torvalds/linux/commit/cb3232138e37129e88240a98a1d2aba2187ff57c	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:51:28.638Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2930-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2930-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2015-7566"
          },
          {
            "name": "82975",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/82975"
          },
          {
            "name": "USN-2967-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2967-1"
          },
          {
            "name": "FEDORA-2016-26e19f042a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175792.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb3232138e37129e88240a98a1d2aba2187ff57c"
          },
          {
            "name": "USN-2930-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2930-2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283371"
          },
          {
            "name": "DSA-3503",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3503"
          },
          {
            "name": "USN-2967-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2967-2"
          },
          {
            "name": "FEDORA-2016-b59fd603be",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176194.html"
          },
          {
            "name": "SUSE-SU-2016:1764",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
          },
          {
            "name": "USN-2930-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2930-3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296466"
          },
          {
            "name": "20160309 OS-S 2016-09 Linux visor clie_5_attach Nullpointer Dereference CVE-2015-7566",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/537733/100/0/threaded"
          },
          {
            "name": "SUSE-SU-2016:1707",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
          },
          {
            "name": "SUSE-SU-2016:1672",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
          },
          {
            "name": "USN-2929-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2929-1"
          },
          {
            "name": "USN-2932-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2932-1"
          },
          {
            "name": "FEDORA-2016-5d43766e33",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html"
          },
          {
            "name": "SUSE-SU-2016:2074",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
          },
          {
            "name": "USN-2948-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2948-1"
          },
          {
            "name": "DSA-3448",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3448"
          },
          {
            "name": "USN-2929-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2929-2"
          },
          {
            "name": "39540",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/39540/"
          },
          {
            "name": "USN-2948-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2948-2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/cb3232138e37129e88240a98a1d2aba2187ff57c"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-2930-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2930-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2015-7566"
        },
        {
          "name": "82975",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/82975"
        },
        {
          "name": "USN-2967-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2967-1"
        },
        {
          "name": "FEDORA-2016-26e19f042a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175792.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb3232138e37129e88240a98a1d2aba2187ff57c"
        },
        {
          "name": "USN-2930-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2930-2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283371"
        },
        {
          "name": "DSA-3503",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3503"
        },
        {
          "name": "USN-2967-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2967-2"
        },
        {
          "name": "FEDORA-2016-b59fd603be",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176194.html"
        },
        {
          "name": "SUSE-SU-2016:1764",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
        },
        {
          "name": "USN-2930-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2930-3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296466"
        },
        {
          "name": "20160309 OS-S 2016-09 Linux visor clie_5_attach Nullpointer Dereference CVE-2015-7566",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/537733/100/0/threaded"
        },
        {
          "name": "SUSE-SU-2016:1707",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
        },
        {
          "name": "SUSE-SU-2016:1672",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
        },
        {
          "name": "USN-2929-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2929-1"
        },
        {
          "name": "USN-2932-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2932-1"
        },
        {
          "name": "FEDORA-2016-5d43766e33",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html"
        },
        {
          "name": "SUSE-SU-2016:2074",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
        },
        {
          "name": "USN-2948-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2948-1"
        },
        {
          "name": "DSA-3448",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3448"
        },
        {
          "name": "USN-2929-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2929-2"
        },
        {
          "name": "39540",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/39540/"
        },
        {
          "name": "USN-2948-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2948-2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/cb3232138e37129e88240a98a1d2aba2187ff57c"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-7566",
    "datePublished": "2016-02-08T02:00:00",
    "dateReserved": "2015-09-29T00:00:00",
    "dateUpdated": "2024-08-06T07:51:28.638Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8816 (GCVE-0-2015-8816)

Vulnerability from cvelistv5

Published

2016-04-27 17:00

Modified

2024-08-06 08:29

Severity ?

CWE

Summary

The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.

References

►

URL

Tags

	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html	vendor-advisory, x_refsource_SUSE
	https://github.com/torvalds/linux/commit/e50293ef9775c5f1cf3fcc093037dd6a8c5684ea	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html	vendor-advisory, x_refsource_SUSE
	http://www.debian.org/security/2016/dsa-3503	vendor-advisory, x_refsource_DEBIAN
	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/83363	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html	vendor-advisory, x_refsource_SUSE
	https://bugzilla.redhat.com/show_bug.cgi?id=1311589	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://source.android.com/security/bulletin/2016-07-01.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html	vendor-advisory, x_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2016/02/23/5	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html	vendor-advisory, x_refsource_SUSE
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5f1cf3fcc093037dd6a8c5684ea	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:29:22.034Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2016:1690",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
          },
          {
            "name": "SUSE-SU-2016:2010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/e50293ef9775c5f1cf3fcc093037dd6a8c5684ea"
          },
          {
            "name": "SUSE-SU-2016:1994",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "SUSE-SU-2016:1961",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
          },
          {
            "name": "SUSE-SU-2016:2001",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
          },
          {
            "name": "DSA-3503",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3503"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5"
          },
          {
            "name": "SUSE-SU-2016:2006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
          },
          {
            "name": "SUSE-SU-2016:2014",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
          },
          {
            "name": "83363",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/83363"
          },
          {
            "name": "SUSE-SU-2016:1764",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311589"
          },
          {
            "name": "SUSE-SU-2016:1707",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
          },
          {
            "name": "SUSE-SU-2016:1672",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
          },
          {
            "name": "SUSE-SU-2016:1019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://source.android.com/security/bulletin/2016-07-01.html"
          },
          {
            "name": "SUSE-SU-2016:2009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
          },
          {
            "name": "[oss-security] 20160223 CVE Request: Linux kernel USB hub invalid memory access in hub_activate()",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/02/23/5"
          },
          {
            "name": "SUSE-SU-2016:2005",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
          },
          {
            "name": "SUSE-SU-2016:2007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
          },
          {
            "name": "SUSE-SU-2016:2074",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
          },
          {
            "name": "SUSE-SU-2016:1995",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
          },
          {
            "name": "SUSE-SU-2016:2002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5f1cf3fcc093037dd6a8c5684ea"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-30T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SU-2016:1690",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
        },
        {
          "name": "SUSE-SU-2016:2010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/e50293ef9775c5f1cf3fcc093037dd6a8c5684ea"
        },
        {
          "name": "SUSE-SU-2016:1994",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "SUSE-SU-2016:1961",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
        },
        {
          "name": "SUSE-SU-2016:2001",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
        },
        {
          "name": "DSA-3503",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3503"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5"
        },
        {
          "name": "SUSE-SU-2016:2006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
        },
        {
          "name": "SUSE-SU-2016:2014",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
        },
        {
          "name": "83363",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/83363"
        },
        {
          "name": "SUSE-SU-2016:1764",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311589"
        },
        {
          "name": "SUSE-SU-2016:1707",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
        },
        {
          "name": "SUSE-SU-2016:1672",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
        },
        {
          "name": "SUSE-SU-2016:1019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://source.android.com/security/bulletin/2016-07-01.html"
        },
        {
          "name": "SUSE-SU-2016:2009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
        },
        {
          "name": "[oss-security] 20160223 CVE Request: Linux kernel USB hub invalid memory access in hub_activate()",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/02/23/5"
        },
        {
          "name": "SUSE-SU-2016:2005",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
        },
        {
          "name": "SUSE-SU-2016:2007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
        },
        {
          "name": "SUSE-SU-2016:2074",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
        },
        {
          "name": "SUSE-SU-2016:1995",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
        },
        {
          "name": "SUSE-SU-2016:2002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5f1cf3fcc093037dd6a8c5684ea"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8816",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SU-2016:1690",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
            },
            {
              "name": "SUSE-SU-2016:2010",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/e50293ef9775c5f1cf3fcc093037dd6a8c5684ea",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/e50293ef9775c5f1cf3fcc093037dd6a8c5684ea"
            },
            {
              "name": "SUSE-SU-2016:1994",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "SUSE-SU-2016:1961",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
            },
            {
              "name": "SUSE-SU-2016:2001",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
            },
            {
              "name": "DSA-3503",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3503"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5"
            },
            {
              "name": "SUSE-SU-2016:2006",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
            },
            {
              "name": "SUSE-SU-2016:2014",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
            },
            {
              "name": "83363",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/83363"
            },
            {
              "name": "SUSE-SU-2016:1764",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1311589",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311589"
            },
            {
              "name": "SUSE-SU-2016:1707",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
            },
            {
              "name": "SUSE-SU-2016:1672",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
            },
            {
              "name": "SUSE-SU-2016:1019",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
            },
            {
              "name": "http://source.android.com/security/bulletin/2016-07-01.html",
              "refsource": "CONFIRM",
              "url": "http://source.android.com/security/bulletin/2016-07-01.html"
            },
            {
              "name": "SUSE-SU-2016:2009",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
            },
            {
              "name": "[oss-security] 20160223 CVE Request: Linux kernel USB hub invalid memory access in hub_activate()",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/02/23/5"
            },
            {
              "name": "SUSE-SU-2016:2005",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
            },
            {
              "name": "SUSE-SU-2016:2007",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
            },
            {
              "name": "SUSE-SU-2016:2074",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
            },
            {
              "name": "SUSE-SU-2016:1995",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
            },
            {
              "name": "SUSE-SU-2016:2002",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5f1cf3fcc093037dd6a8c5684ea",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5f1cf3fcc093037dd6a8c5684ea"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8816",
    "datePublished": "2016-04-27T17:00:00",
    "dateReserved": "2016-02-23T00:00:00",
    "dateUpdated": "2024-08-06T08:29:22.034Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-1339 (GCVE-0-2015-1339)

Vulnerability from cvelistv5

Published

2016-04-27 17:00

Modified

2024-08-06 04:40

Severity ?

CWE

Summary

Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times.

References

►

URL

Tags

	http://www.openwall.com/lists/oss-security/2016/03/02/13	mailing-list, x_refsource_MLIST
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2c5816b4beccc8ba709144539f6fdd764f8fa49c	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=1314331	x_refsource_CONFIRM
	https://github.com/torvalds/linux/commit/2c5816b4beccc8ba709144539f6fdd764f8fa49c	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html	vendor-advisory, x_refsource_SUSE
	https://bugzilla.novell.com/show_bug.cgi?id=969356	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html	vendor-advisory, x_refsource_SUSE
	https://security-tracker.debian.org/tracker/CVE-2015-1339	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:40:18.491Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20160302 CVE-2015-1339: Linux Kernel: memory exhaustion via CUSE driver",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/03/02/13"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2c5816b4beccc8ba709144539f6fdd764f8fa49c"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1314331"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/2c5816b4beccc8ba709144539f6fdd764f8fa49c"
          },
          {
            "name": "SUSE-SU-2016:1707",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.novell.com/show_bug.cgi?id=969356"
          },
          {
            "name": "openSUSE-SU-2016:1008",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2015-1339"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-29T16:57:01",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "name": "[oss-security] 20160302 CVE-2015-1339: Linux Kernel: memory exhaustion via CUSE driver",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/03/02/13"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2c5816b4beccc8ba709144539f6fdd764f8fa49c"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1314331"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/2c5816b4beccc8ba709144539f6fdd764f8fa49c"
        },
        {
          "name": "SUSE-SU-2016:1707",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.novell.com/show_bug.cgi?id=969356"
        },
        {
          "name": "openSUSE-SU-2016:1008",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2015-1339"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "ID": "CVE-2015-1339",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20160302 CVE-2015-1339: Linux Kernel: memory exhaustion via CUSE driver",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/03/02/13"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2c5816b4beccc8ba709144539f6fdd764f8fa49c",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2c5816b4beccc8ba709144539f6fdd764f8fa49c"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1314331",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1314331"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/2c5816b4beccc8ba709144539f6fdd764f8fa49c",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/2c5816b4beccc8ba709144539f6fdd764f8fa49c"
            },
            {
              "name": "SUSE-SU-2016:1707",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
            },
            {
              "name": "https://bugzilla.novell.com/show_bug.cgi?id=969356",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=969356"
            },
            {
              "name": "openSUSE-SU-2016:1008",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2015-1339",
              "refsource": "CONFIRM",
              "url": "https://security-tracker.debian.org/tracker/CVE-2015-1339"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2015-1339",
    "datePublished": "2016-04-27T17:00:00",
    "dateReserved": "2015-01-22T00:00:00",
    "dateUpdated": "2024-08-06T04:40:18.491Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-2782 (GCVE-0-2016-2782)

Vulnerability from cvelistv5

Published

2016-04-27 17:00

Modified

2024-08-05 23:32

Severity ?

CWE

Summary

The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.

References

►

URL

Tags

	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2930-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2967-1	vendor-advisory, x_refsource_UBUNTU
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0	x_refsource_CONFIRM
	https://github.com/torvalds/linux/commit/cac9b50b0d75a1d50d6c056ff65c005f3224c8e0	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2930-2	vendor-advisory, x_refsource_UBUNTU
	https://www.exploit-db.com/exploits/39539/	exploit, x_refsource_EXPLOIT-DB
	http://www.ubuntu.com/usn/USN-2967-2	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2930-3	vendor-advisory, x_refsource_UBUNTU
	http://www.openwall.com/lists/oss-security/2016/02/28/9	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2929-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2932-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2948-1	vendor-advisory, x_refsource_UBUNTU
	https://bugzilla.redhat.com/show_bug.cgi?id=1312670	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2929-2	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2948-2	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:32:21.033Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2016:1690",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
          },
          {
            "name": "USN-2930-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2930-1"
          },
          {
            "name": "USN-2967-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2967-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/cac9b50b0d75a1d50d6c056ff65c005f3224c8e0"
          },
          {
            "name": "USN-2930-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2930-2"
          },
          {
            "name": "39539",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/39539/"
          },
          {
            "name": "USN-2967-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2967-2"
          },
          {
            "name": "SUSE-SU-2016:1764",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
          },
          {
            "name": "USN-2930-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2930-3"
          },
          {
            "name": "[oss-security] 20160228 Re: CVE request -- linux kernel: visor: crash on invalid USB device descriptors in treo_attach() in visor driver",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/02/28/9"
          },
          {
            "name": "SUSE-SU-2016:1707",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
          },
          {
            "name": "SUSE-SU-2016:1672",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
          },
          {
            "name": "SUSE-SU-2016:1019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
          },
          {
            "name": "USN-2929-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2929-1"
          },
          {
            "name": "USN-2932-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2932-1"
          },
          {
            "name": "SUSE-SU-2016:2074",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
          },
          {
            "name": "USN-2948-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2948-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1312670"
          },
          {
            "name": "USN-2929-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2929-2"
          },
          {
            "name": "USN-2948-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2948-2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-02-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SUSE-SU-2016:1690",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
        },
        {
          "name": "USN-2930-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2930-1"
        },
        {
          "name": "USN-2967-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2967-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/cac9b50b0d75a1d50d6c056ff65c005f3224c8e0"
        },
        {
          "name": "USN-2930-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2930-2"
        },
        {
          "name": "39539",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/39539/"
        },
        {
          "name": "USN-2967-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2967-2"
        },
        {
          "name": "SUSE-SU-2016:1764",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
        },
        {
          "name": "USN-2930-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2930-3"
        },
        {
          "name": "[oss-security] 20160228 Re: CVE request -- linux kernel: visor: crash on invalid USB device descriptors in treo_attach() in visor driver",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/02/28/9"
        },
        {
          "name": "SUSE-SU-2016:1707",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
        },
        {
          "name": "SUSE-SU-2016:1672",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
        },
        {
          "name": "SUSE-SU-2016:1019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
        },
        {
          "name": "USN-2929-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2929-1"
        },
        {
          "name": "USN-2932-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2932-1"
        },
        {
          "name": "SUSE-SU-2016:2074",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
        },
        {
          "name": "USN-2948-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2948-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1312670"
        },
        {
          "name": "USN-2929-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2929-2"
        },
        {
          "name": "USN-2948-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2948-2"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2782",
    "datePublished": "2016-04-27T17:00:00",
    "dateReserved": "2016-02-28T00:00:00",
    "dateUpdated": "2024-08-05T23:32:21.033Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-2143 (GCVE-0-2016-2143)

Vulnerability from cvelistv5

Published

2016-04-27 17:00

Modified

2024-08-05 23:17

Severity ?

CWE

Summary

The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h.

References

►

URL

Tags

	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html	vendor-advisory, x_refsource_SUSE
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3446c13b268af86391d06611327006b059b8bab1	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2766.html	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	x_refsource_CONFIRM
	https://github.com/torvalds/linux/commit/3446c13b268af86391d06611327006b059b8bab1	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html	vendor-advisory, x_refsource_SUSE
	https://security-tracker.debian.org/tracker/CVE-2016-2143	x_refsource_CONFIRM
	http://www.debian.org/security/2016/dsa-3607	vendor-advisory, x_refsource_DEBIAN
	http://rhn.redhat.com/errata/RHSA-2016-1539.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.621Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2016:1690",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3446c13b268af86391d06611327006b059b8bab1"
          },
          {
            "name": "RHSA-2016:2766",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2766.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/3446c13b268af86391d06611327006b059b8bab1"
          },
          {
            "name": "SUSE-SU-2016:1764",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2016-2143"
          },
          {
            "name": "DSA-3607",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3607"
          },
          {
            "name": "RHSA-2016:1539",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1539.html"
          },
          {
            "name": "SUSE-SU-2016:1707",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
          },
          {
            "name": "SUSE-SU-2016:1672",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
          },
          {
            "name": "SUSE-SU-2016:1019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
          },
          {
            "name": "SUSE-SU-2016:2074",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SUSE-SU-2016:1690",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3446c13b268af86391d06611327006b059b8bab1"
        },
        {
          "name": "RHSA-2016:2766",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2766.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/3446c13b268af86391d06611327006b059b8bab1"
        },
        {
          "name": "SUSE-SU-2016:1764",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2016-2143"
        },
        {
          "name": "DSA-3607",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3607"
        },
        {
          "name": "RHSA-2016:1539",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1539.html"
        },
        {
          "name": "SUSE-SU-2016:1707",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
        },
        {
          "name": "SUSE-SU-2016:1672",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
        },
        {
          "name": "SUSE-SU-2016:1019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
        },
        {
          "name": "SUSE-SU-2016:2074",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2143",
    "datePublished": "2016-04-27T17:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:17:50.621Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8551 (GCVE-0-2015-8551)

Vulnerability from cvelistv5

Published

2016-04-13 15:00

Modified

2024-08-06 08:20

Severity ?

CWE

Summary

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks."

References

►

URL

Tags

	http://xenbits.xen.org/xsa/advisory-157.html	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1034480	vdb-entry, x_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/201604-03	vendor-advisory, x_refsource_GENTOO
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html	vendor-advisory, x_refsource_SUSE
	http://www.debian.org/security/2016/dsa-3434	vendor-advisory, x_refsource_DEBIAN
	http://www.securityfocus.com/bid/79546	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:20:43.119Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-157.html"
          },
          {
            "name": "1034480",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034480"
          },
          {
            "name": "openSUSE-SU-2016:2184",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
          },
          {
            "name": "SUSE-SU-2016:1764",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
          },
          {
            "name": "SUSE-SU-2016:1102",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html"
          },
          {
            "name": "SUSE-SU-2016:1707",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
          },
          {
            "name": "GLSA-201604-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201604-03"
          },
          {
            "name": "SUSE-SU-2016:2105",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
          },
          {
            "name": "DSA-3434",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3434"
          },
          {
            "name": "79546",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/79546"
          },
          {
            "name": "SUSE-SU-2016:1937",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
          },
          {
            "name": "SUSE-SU-2016:0911",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka \"Linux pciback missing sanity checks.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://xenbits.xen.org/xsa/advisory-157.html"
        },
        {
          "name": "1034480",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034480"
        },
        {
          "name": "openSUSE-SU-2016:2184",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
        },
        {
          "name": "SUSE-SU-2016:1764",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
        },
        {
          "name": "SUSE-SU-2016:1102",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html"
        },
        {
          "name": "SUSE-SU-2016:1707",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
        },
        {
          "name": "GLSA-201604-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201604-03"
        },
        {
          "name": "SUSE-SU-2016:2105",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
        },
        {
          "name": "DSA-3434",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3434"
        },
        {
          "name": "79546",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/79546"
        },
        {
          "name": "SUSE-SU-2016:1937",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
        },
        {
          "name": "SUSE-SU-2016:0911",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8551",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka \"Linux pciback missing sanity checks.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://xenbits.xen.org/xsa/advisory-157.html",
              "refsource": "CONFIRM",
              "url": "http://xenbits.xen.org/xsa/advisory-157.html"
            },
            {
              "name": "1034480",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034480"
            },
            {
              "name": "openSUSE-SU-2016:2184",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
            },
            {
              "name": "SUSE-SU-2016:1764",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
            },
            {
              "name": "SUSE-SU-2016:1102",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html"
            },
            {
              "name": "SUSE-SU-2016:1707",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
            },
            {
              "name": "GLSA-201604-03",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201604-03"
            },
            {
              "name": "SUSE-SU-2016:2105",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
            },
            {
              "name": "DSA-3434",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3434"
            },
            {
              "name": "79546",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/79546"
            },
            {
              "name": "SUSE-SU-2016:1937",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
            },
            {
              "name": "SUSE-SU-2016:0911",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8551",
    "datePublished": "2016-04-13T15:00:00",
    "dateReserved": "2015-12-14T00:00:00",
    "dateUpdated": "2024-08-06T08:20:43.119Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-3137 (GCVE-0-2016-3137)

Vulnerability from cvelistv5

Published

2016-05-02 10:00

Modified

2024-08-05 23:47

Severity ?

CWE

Summary

drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.

References

►

URL

Tags

	http://www.ubuntu.com/usn/USN-2971-2	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html	vendor-advisory, x_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2016/03/14/3	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=1316996	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2970-1	vendor-advisory, x_refsource_UBUNTU
	https://github.com/torvalds/linux/commit/c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/84300	vdb-entry, x_refsource_BID
	http://www.ubuntu.com/usn/USN-2968-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2971-3	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2997-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3000-1	vendor-advisory, x_refsource_UBUNTU
	http://www.debian.org/security/2016/dsa-3607	vendor-advisory, x_refsource_DEBIAN
	http://www.ubuntu.com/usn/USN-2971-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2996-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2968-2	vendor-advisory, x_refsource_UBUNTU
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html	vendor-advisory, x_refsource_SUSE
	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:47:57.272Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2971-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2971-2"
          },
          {
            "name": "SUSE-SU-2016:1690",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
          },
          {
            "name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cypress_m8 driver)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/03/14/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316996"
          },
          {
            "name": "SUSE-SU-2016:1696",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
          },
          {
            "name": "USN-2970-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2970-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754"
          },
          {
            "name": "84300",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/84300"
          },
          {
            "name": "USN-2968-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2968-1"
          },
          {
            "name": "USN-2971-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2971-3"
          },
          {
            "name": "USN-2997-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2997-1"
          },
          {
            "name": "SUSE-SU-2016:1764",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
          },
          {
            "name": "USN-3000-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3000-1"
          },
          {
            "name": "DSA-3607",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3607"
          },
          {
            "name": "USN-2971-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2971-1"
          },
          {
            "name": "SUSE-SU-2016:1707",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
          },
          {
            "name": "USN-2996-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2996-1"
          },
          {
            "name": "SUSE-SU-2016:1672",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
          },
          {
            "name": "USN-2968-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2968-2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754"
          },
          {
            "name": "openSUSE-SU-2016:1382",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
          },
          {
            "name": "SUSE-SU-2016:2074",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-06T16:15:58",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "microfocus"
      },
      "references": [
        {
          "name": "USN-2971-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2971-2"
        },
        {
          "name": "SUSE-SU-2016:1690",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
        },
        {
          "name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cypress_m8 driver)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/03/14/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316996"
        },
        {
          "name": "SUSE-SU-2016:1696",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
        },
        {
          "name": "USN-2970-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2970-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754"
        },
        {
          "name": "84300",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/84300"
        },
        {
          "name": "USN-2968-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2968-1"
        },
        {
          "name": "USN-2971-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2971-3"
        },
        {
          "name": "USN-2997-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2997-1"
        },
        {
          "name": "SUSE-SU-2016:1764",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
        },
        {
          "name": "USN-3000-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3000-1"
        },
        {
          "name": "DSA-3607",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3607"
        },
        {
          "name": "USN-2971-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2971-1"
        },
        {
          "name": "SUSE-SU-2016:1707",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
        },
        {
          "name": "USN-2996-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2996-1"
        },
        {
          "name": "SUSE-SU-2016:1672",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
        },
        {
          "name": "USN-2968-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2968-2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754"
        },
        {
          "name": "openSUSE-SU-2016:1382",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
        },
        {
          "name": "SUSE-SU-2016:2074",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@microfocus.com",
          "ID": "CVE-2016-3137",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-2971-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2971-2"
            },
            {
              "name": "SUSE-SU-2016:1690",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
            },
            {
              "name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cypress_m8 driver)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/03/14/3"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1316996",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316996"
            },
            {
              "name": "SUSE-SU-2016:1696",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
            },
            {
              "name": "USN-2970-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2970-1"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754"
            },
            {
              "name": "84300",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/84300"
            },
            {
              "name": "USN-2968-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2968-1"
            },
            {
              "name": "USN-2971-3",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2971-3"
            },
            {
              "name": "USN-2997-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2997-1"
            },
            {
              "name": "SUSE-SU-2016:1764",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
            },
            {
              "name": "USN-3000-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3000-1"
            },
            {
              "name": "DSA-3607",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3607"
            },
            {
              "name": "USN-2971-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2971-1"
            },
            {
              "name": "SUSE-SU-2016:1707",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
            },
            {
              "name": "USN-2996-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2996-1"
            },
            {
              "name": "SUSE-SU-2016:1672",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
            },
            {
              "name": "USN-2968-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2968-2"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754"
            },
            {
              "name": "openSUSE-SU-2016:1382",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
            },
            {
              "name": "SUSE-SU-2016:2074",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "microfocus",
    "cveId": "CVE-2016-3137",
    "datePublished": "2016-05-02T10:00:00",
    "dateReserved": "2016-03-13T00:00:00",
    "dateUpdated": "2024-08-05T23:47:57.272Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-2184 (GCVE-0-2016-2184)

Vulnerability from cvelistv5

Published

2016-04-27 17:00

Modified

2024-08-05 23:17

Severity ?

CWE

Summary

The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.

References

►

URL

Tags

	http://www.ubuntu.com/usn/USN-2971-2	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html	vendor-advisory, x_refsource_SUSE
	http://seclists.org/bugtraq/2016/Mar/89	mailing-list, x_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/84340	vdb-entry, x_refsource_BID
	http://www.ubuntu.com/usn/USN-2970-1	vendor-advisory, x_refsource_UBUNTU
	https://bugzilla.redhat.com/show_bug.cgi?id=1317012	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2969-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2968-1	vendor-advisory, x_refsource_UBUNTU
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f886ca12765d20124bd06291c82951fd49a33be	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2971-3	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2997-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://www.debian.org/security/2016/dsa-3607	vendor-advisory, x_refsource_DEBIAN
	http://www.ubuntu.com/usn/USN-2971-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2996-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html	vendor-advisory, x_refsource_SUSE
	https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2968-2	vendor-advisory, x_refsource_UBUNTU
	https://github.com/torvalds/linux/commit/0f886ca12765d20124bd06291c82951fd49a33be	x_refsource_CONFIRM
	https://source.android.com/security/bulletin/2016-11-01.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html	vendor-advisory, x_refsource_SUSE
	http://seclists.org/bugtraq/2016/Mar/88	mailing-list, x_refsource_BUGTRAQ
	http://seclists.org/bugtraq/2016/Mar/102	mailing-list, x_refsource_BUGTRAQ
	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html	vendor-advisory, x_refsource_SUSE
	https://www.exploit-db.com/exploits/39555/	exploit, x_refsource_EXPLOIT-DB

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.605Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2971-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2971-2"
          },
          {
            "name": "SUSE-SU-2016:1690",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
          },
          {
            "name": "20160310 oss-2016-17: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2016/Mar/89"
          },
          {
            "name": "84340",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/84340"
          },
          {
            "name": "USN-2970-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2970-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317012"
          },
          {
            "name": "USN-2969-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2969-1"
          },
          {
            "name": "USN-2968-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2968-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f886ca12765d20124bd06291c82951fd49a33be"
          },
          {
            "name": "USN-2971-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2971-3"
          },
          {
            "name": "USN-2997-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2997-1"
          },
          {
            "name": "SUSE-SU-2016:1764",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
          },
          {
            "name": "DSA-3607",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3607"
          },
          {
            "name": "USN-2971-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2971-1"
          },
          {
            "name": "SUSE-SU-2016:1707",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
          },
          {
            "name": "USN-2996-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2996-1"
          },
          {
            "name": "SUSE-SU-2016:1672",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
          },
          {
            "name": "SUSE-SU-2016:1019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
          },
          {
            "name": "USN-2968-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2968-2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/0f886ca12765d20124bd06291c82951fd49a33be"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/2016-11-01.html"
          },
          {
            "name": "SUSE-SU-2016:2074",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
          },
          {
            "name": "20160310 oss-2016-16: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (snd-usb-audio driver)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2016/Mar/88"
          },
          {
            "name": "20160314 Re: oss-2016-17: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2016/Mar/102"
          },
          {
            "name": "openSUSE-SU-2016:1008",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html"
          },
          {
            "name": "39555",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/39555/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-2971-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2971-2"
        },
        {
          "name": "SUSE-SU-2016:1690",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
        },
        {
          "name": "20160310 oss-2016-17: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2016/Mar/89"
        },
        {
          "name": "84340",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/84340"
        },
        {
          "name": "USN-2970-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2970-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317012"
        },
        {
          "name": "USN-2969-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2969-1"
        },
        {
          "name": "USN-2968-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2968-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f886ca12765d20124bd06291c82951fd49a33be"
        },
        {
          "name": "USN-2971-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2971-3"
        },
        {
          "name": "USN-2997-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2997-1"
        },
        {
          "name": "SUSE-SU-2016:1764",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
        },
        {
          "name": "DSA-3607",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3607"
        },
        {
          "name": "USN-2971-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2971-1"
        },
        {
          "name": "SUSE-SU-2016:1707",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
        },
        {
          "name": "USN-2996-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2996-1"
        },
        {
          "name": "SUSE-SU-2016:1672",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
        },
        {
          "name": "SUSE-SU-2016:1019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
        },
        {
          "name": "USN-2968-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2968-2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/0f886ca12765d20124bd06291c82951fd49a33be"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://source.android.com/security/bulletin/2016-11-01.html"
        },
        {
          "name": "SUSE-SU-2016:2074",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
        },
        {
          "name": "20160310 oss-2016-16: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (snd-usb-audio driver)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2016/Mar/88"
        },
        {
          "name": "20160314 Re: oss-2016-17: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2016/Mar/102"
        },
        {
          "name": "openSUSE-SU-2016:1008",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html"
        },
        {
          "name": "39555",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/39555/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2184",
    "datePublished": "2016-04-27T17:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:17:50.605Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-2186 (GCVE-0-2016-2186)

Vulnerability from cvelistv5

Published

2016-05-02 10:00

Modified

2024-08-05 23:24

Severity ?

CWE

Summary

The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

References

►

URL

Tags

	http://www.ubuntu.com/usn/USN-2971-2	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html	vendor-advisory, x_refsource_SUSE
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9c6ba456711687b794dcf285856fc14e2c76074f	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/84337	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2970-1	vendor-advisory, x_refsource_UBUNTU
	https://bugzilla.redhat.com/show_bug.cgi?id=1317015	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2969-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2968-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2971-3	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2997-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://seclists.org/bugtraq/2016/Mar/117	mailing-list, x_refsource_BUGTRAQ
	http://www.debian.org/security/2016/dsa-3607	vendor-advisory, x_refsource_DEBIAN
	http://www.ubuntu.com/usn/USN-2971-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2996-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2968-2	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html	vendor-advisory, x_refsource_SUSE
	http://seclists.org/bugtraq/2016/Mar/85	mailing-list, x_refsource_BUGTRAQ
	https://github.com/torvalds/linux/commit/9c6ba456711687b794dcf285856fc14e2c76074f	x_refsource_CONFIRM
	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:24:48.391Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2971-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2971-2"
          },
          {
            "name": "SUSE-SU-2016:1690",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9c6ba456711687b794dcf285856fc14e2c76074f"
          },
          {
            "name": "84337",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/84337"
          },
          {
            "name": "SUSE-SU-2016:1696",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
          },
          {
            "name": "USN-2970-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2970-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317015"
          },
          {
            "name": "USN-2969-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2969-1"
          },
          {
            "name": "USN-2968-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2968-1"
          },
          {
            "name": "USN-2971-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2971-3"
          },
          {
            "name": "USN-2997-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2997-1"
          },
          {
            "name": "SUSE-SU-2016:1764",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
          },
          {
            "name": "20160315 Re: oss-2016-13: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2016/Mar/117"
          },
          {
            "name": "DSA-3607",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3607"
          },
          {
            "name": "USN-2971-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2971-1"
          },
          {
            "name": "SUSE-SU-2016:1707",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
          },
          {
            "name": "USN-2996-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2996-1"
          },
          {
            "name": "SUSE-SU-2016:1672",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
          },
          {
            "name": "USN-2968-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2968-2"
          },
          {
            "name": "openSUSE-SU-2016:1382",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
          },
          {
            "name": "SUSE-SU-2016:2074",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
          },
          {
            "name": "20160310 oss-2016-13: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2016/Mar/85"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/9c6ba456711687b794dcf285856fc14e2c76074f"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-29T16:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-2971-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2971-2"
        },
        {
          "name": "SUSE-SU-2016:1690",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9c6ba456711687b794dcf285856fc14e2c76074f"
        },
        {
          "name": "84337",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/84337"
        },
        {
          "name": "SUSE-SU-2016:1696",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
        },
        {
          "name": "USN-2970-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2970-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317015"
        },
        {
          "name": "USN-2969-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2969-1"
        },
        {
          "name": "USN-2968-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2968-1"
        },
        {
          "name": "USN-2971-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2971-3"
        },
        {
          "name": "USN-2997-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2997-1"
        },
        {
          "name": "SUSE-SU-2016:1764",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
        },
        {
          "name": "20160315 Re: oss-2016-13: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2016/Mar/117"
        },
        {
          "name": "DSA-3607",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3607"
        },
        {
          "name": "USN-2971-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2971-1"
        },
        {
          "name": "SUSE-SU-2016:1707",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
        },
        {
          "name": "USN-2996-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2996-1"
        },
        {
          "name": "SUSE-SU-2016:1672",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
        },
        {
          "name": "USN-2968-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2968-2"
        },
        {
          "name": "openSUSE-SU-2016:1382",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
        },
        {
          "name": "SUSE-SU-2016:2074",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
        },
        {
          "name": "20160310 oss-2016-13: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2016/Mar/85"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/9c6ba456711687b794dcf285856fc14e2c76074f"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2186",
    "datePublished": "2016-05-02T10:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:24:48.391Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-3156 (GCVE-0-2016-3156)

Vulnerability from cvelistv5

Published

2016-04-27 17:00

Modified

2024-08-05 23:47

Severity ?

CWE

Summary

The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.

References

►

URL

Tags

	http://www.ubuntu.com/usn/USN-2971-2	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html	vendor-advisory, x_refsource_SUSE
	https://bugzilla.redhat.com/show_bug.cgi?id=1318172	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2970-1	vendor-advisory, x_refsource_UBUNTU
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbd40ea0180a2d328c5adc61414dc8bab9335ce2	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2969-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2968-1	vendor-advisory, x_refsource_UBUNTU
	http://rhn.redhat.com/errata/RHSA-2016-2584.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2016-2574.html	vendor-advisory, x_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-2971-3	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2997-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://www.debian.org/security/2016/dsa-3607	vendor-advisory, x_refsource_DEBIAN
	http://www.ubuntu.com/usn/USN-2971-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2996-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2968-2	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/84428	vdb-entry, x_refsource_BID
	http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2016/03/15/3	mailing-list, x_refsource_MLIST
	https://github.com/torvalds/linux/commit/fbd40ea0180a2d328c5adc61414dc8bab9335ce2	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:47:57.548Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2971-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2971-2"
          },
          {
            "name": "SUSE-SU-2016:1690",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1318172"
          },
          {
            "name": "USN-2970-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2970-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbd40ea0180a2d328c5adc61414dc8bab9335ce2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "USN-2969-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2969-1"
          },
          {
            "name": "USN-2968-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2968-1"
          },
          {
            "name": "RHSA-2016:2584",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
          },
          {
            "name": "RHSA-2016:2574",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
          },
          {
            "name": "USN-2971-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2971-3"
          },
          {
            "name": "USN-2997-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2997-1"
          },
          {
            "name": "SUSE-SU-2016:1764",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
          },
          {
            "name": "DSA-3607",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3607"
          },
          {
            "name": "USN-2971-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2971-1"
          },
          {
            "name": "SUSE-SU-2016:1707",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
          },
          {
            "name": "USN-2996-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2996-1"
          },
          {
            "name": "SUSE-SU-2016:1672",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
          },
          {
            "name": "SUSE-SU-2016:1019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
          },
          {
            "name": "USN-2968-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2968-2"
          },
          {
            "name": "openSUSE-SU-2016:1382",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
          },
          {
            "name": "SUSE-SU-2016:2074",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
          },
          {
            "name": "84428",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/84428"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
          },
          {
            "name": "[oss-security] 20160315 CVE request: ipv4: Don\u0027t do expensive useless work during inetdev destroy",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/03/15/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/fbd40ea0180a2d328c5adc61414dc8bab9335ce2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-2971-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2971-2"
        },
        {
          "name": "SUSE-SU-2016:1690",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1318172"
        },
        {
          "name": "USN-2970-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2970-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbd40ea0180a2d328c5adc61414dc8bab9335ce2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "USN-2969-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2969-1"
        },
        {
          "name": "USN-2968-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2968-1"
        },
        {
          "name": "RHSA-2016:2584",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
        },
        {
          "name": "RHSA-2016:2574",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
        },
        {
          "name": "USN-2971-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2971-3"
        },
        {
          "name": "USN-2997-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2997-1"
        },
        {
          "name": "SUSE-SU-2016:1764",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
        },
        {
          "name": "DSA-3607",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3607"
        },
        {
          "name": "USN-2971-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2971-1"
        },
        {
          "name": "SUSE-SU-2016:1707",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
        },
        {
          "name": "USN-2996-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2996-1"
        },
        {
          "name": "SUSE-SU-2016:1672",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
        },
        {
          "name": "SUSE-SU-2016:1019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
        },
        {
          "name": "USN-2968-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2968-2"
        },
        {
          "name": "openSUSE-SU-2016:1382",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
        },
        {
          "name": "SUSE-SU-2016:2074",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
        },
        {
          "name": "84428",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/84428"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
        },
        {
          "name": "[oss-security] 20160315 CVE request: ipv4: Don\u0027t do expensive useless work during inetdev destroy",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/03/15/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/fbd40ea0180a2d328c5adc61414dc8bab9335ce2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-3156",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-2971-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2971-2"
            },
            {
              "name": "SUSE-SU-2016:1690",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1318172",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1318172"
            },
            {
              "name": "USN-2970-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2970-1"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbd40ea0180a2d328c5adc61414dc8bab9335ce2",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbd40ea0180a2d328c5adc61414dc8bab9335ce2"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "USN-2969-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2969-1"
            },
            {
              "name": "USN-2968-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2968-1"
            },
            {
              "name": "RHSA-2016:2584",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
            },
            {
              "name": "RHSA-2016:2574",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
            },
            {
              "name": "USN-2971-3",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2971-3"
            },
            {
              "name": "USN-2997-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2997-1"
            },
            {
              "name": "SUSE-SU-2016:1764",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
            },
            {
              "name": "DSA-3607",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3607"
            },
            {
              "name": "USN-2971-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2971-1"
            },
            {
              "name": "SUSE-SU-2016:1707",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
            },
            {
              "name": "USN-2996-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2996-1"
            },
            {
              "name": "SUSE-SU-2016:1672",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
            },
            {
              "name": "SUSE-SU-2016:1019",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
            },
            {
              "name": "USN-2968-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2968-2"
            },
            {
              "name": "openSUSE-SU-2016:1382",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
            },
            {
              "name": "SUSE-SU-2016:2074",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
            },
            {
              "name": "84428",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/84428"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
            },
            {
              "name": "[oss-security] 20160315 CVE request: ipv4: Don\u0027t do expensive useless work during inetdev destroy",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/03/15/3"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/fbd40ea0180a2d328c5adc61414dc8bab9335ce2",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/fbd40ea0180a2d328c5adc61414dc8bab9335ce2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-3156",
    "datePublished": "2016-04-27T17:00:00",
    "dateReserved": "2016-03-15T00:00:00",
    "dateUpdated": "2024-08-05T23:47:57.548Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2016:1707-1

Vulnerability from csaf_suse

CVE-2016-2185 (GCVE-0-2016-2185)

Vulnerability from cvelistv5

CVE-2015-8552 (GCVE-0-2015-8552)

Vulnerability from cvelistv5

CVE-2016-2188 (GCVE-0-2016-2188)

Vulnerability from cvelistv5

CVE-2016-3138 (GCVE-0-2016-3138)

Vulnerability from cvelistv5

CVE-2016-2847 (GCVE-0-2016-2847)

Vulnerability from cvelistv5

CVE-2016-3140 (GCVE-0-2016-3140)

Vulnerability from cvelistv5

CVE-2016-3139 (GCVE-0-2016-3139)

Vulnerability from cvelistv5

CVE-2015-7566 (GCVE-0-2015-7566)

Vulnerability from cvelistv5

CVE-2015-8816 (GCVE-0-2015-8816)

Vulnerability from cvelistv5

CVE-2015-1339 (GCVE-0-2015-1339)

Vulnerability from cvelistv5

CVE-2016-2782 (GCVE-0-2016-2782)

Vulnerability from cvelistv5

CVE-2016-2143 (GCVE-0-2016-2143)

Vulnerability from cvelistv5

CVE-2015-8551 (GCVE-0-2015-8551)

Vulnerability from cvelistv5

CVE-2016-3137 (GCVE-0-2016-3137)

Vulnerability from cvelistv5

CVE-2016-2184 (GCVE-0-2016-2184)

Vulnerability from cvelistv5

CVE-2016-2186 (GCVE-0-2016-2186)

Vulnerability from cvelistv5

CVE-2016-3156 (GCVE-0-2016-3156)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature