CVE-2015-7515
published 2016-04-27CVE-2015-7515: The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service…
PriorityP422medium4.6CVSS 3.1
AVPACLPRNUINSUCNINAH
EXPLOIT
EPSS
1.80%
75.8th percentile
The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 4.4.2-1 (bookworm) | linux 4.4.2-1 (bookworm) |
| linux | linux_kernel | < 4.4 | 4.4 |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 4.4.2-1 | 4.4.2-1 |
| linux | linux_kernel | >= 0 < 4.4.2-1 | 4.4.2-1 |
| linux | linux_kernel | >= 0 < 4.4.2-1 | 4.4.2-1 |
| linux | linux_kernel | >= 0 < 4.4.2-1 | 4.4.2-1 |
| linux | linux_kernel | >= 0 < 3.13.0-86.130 | 3.13.0-86.130 |
CVSS provenance
nvdv3.14.6MEDIUMCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.04.9MEDIUMAV:L/AC:L/Au:N/C:N/I:N/A:C
osv7.2HIGH
vendor_ubuntu7.2HIGH
vendor_debian4.6MEDIUM
vendor_redhat4.6MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-2cqh-7j4m-cjvm: The aiptek_probe function in drivers/input/tablet/aiptek
ghsa_unreviewed·2022-05-13
CVE-2015-7515 [MEDIUM] CWE-476 GHSA-2cqh-7j4m-cjvm: The aiptek_probe function in drivers/input/tablet/aiptek
The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints.
OSV
linux vulnerabilities
osv·2016-05-09·CVSS 7.2
CVE-2015-7515 [HIGH] linux vulnerabilities
linux vulnerabilities
Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7515)
Ben Hawkes discovered that the Linux kernel's AIO interface allowed single
writes greater than 2GB, which could cause an integer overflow when writing
to certain filesystems, socket or device types. A local attacker could this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2015-8830)
It was discovered that the Linux kernel did not keep accurate track of pipe
buffer details when error conditions occurred, due to an incomplete fix for
CVE-2015-1805. A local attacker could use this to c
OSV
linux-lts-wily vulnerabilities
osv·2016-05-09·CVSS 4.6
CVE-2015-7515 [MEDIUM] linux-lts-wily vulnerabilities
linux-lts-wily vulnerabilities
USN-2971-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS.
Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7515)
Zach Riggle discovered that the Linux kernel's list poison feature did not
take into account the mmap_min_addr value. A local attacker could use this
to bypass the kernel's poison-pointer protection mechanism while attempting
to exploit an existing kernel vulnerability. (CVE-2016-0821)
Ralf Spenneberg discover
OSV
linux-lts-vivid vulnerabilities
osv·2016-05-09·CVSS 4.6
CVE-2015-7515 [MEDIUM] linux-lts-vivid vulnerabilities
linux-lts-vivid vulnerabilities
Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7515)
Ben Hawkes discovered that the Linux kernel's AIO interface allowed single
writes greater than 2GB, which could cause an integer overflow when writing
to certain filesystems, socket or device types. A local attacker could this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2015-8830)
Zach Riggle discovered that the Linux kernel's list poison feature did not
take into account the mmap_min_addr value. A local attacker could use this
to bypass the kernel's poison-pointer prote
OSV
linux-lts-utopic vulnerabilities
osv·2016-05-09·CVSS 4.6
CVE-2015-7515 [MEDIUM] linux-lts-utopic vulnerabilities
linux-lts-utopic vulnerabilities
Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7515)
Ben Hawkes discovered that the Linux kernel's AIO interface allowed single
writes greater than 2GB, which could cause an integer overflow when writing
to certain filesystems, socket or device types. A local attacker could this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2015-8830)
Zach Riggle discovered that the Linux kernel's list poison feature did not
take into account the mmap_min_addr value. A local attacker could use this
to bypass the kernel's poison-pointer prot
OSV
CVE-2015-7515: The aiptek_probe function in drivers/input/tablet/aiptek
osv·2016-04-27·CVSS 4.6
CVE-2015-7515 [MEDIUM] CVE-2015-7515: The aiptek_probe function in drivers/input/tablet/aiptek
The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints.
Ubuntu
Linux kernel (Wily HWE) vulnerabilities
vendor_ubuntu·2016-05-09·CVSS 4.6
CVE-2015-7515 [MEDIUM] Linux kernel (Wily HWE) vulnerabilities
Title: Linux kernel (Wily HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
USN-2971-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS.
Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7515)
Zach Riggle discovered that the Linux kernel's list poison feature did not
take into account the mmap_min_addr value. A local attacker could use this
to bypass the kernel's poison-pointer protection mechanism while attempting
to exploit
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2016-05-09·CVSS 7.2
CVE-2015-7515 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7515)
Ben Hawkes discovered that the Linux kernel's AIO interface allowed single
writes greater than 2GB, which could cause an integer overflow when writing
to certain filesystems, socket or device types. A local attacker could this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2015-8830)
It was discovered that the Linux kernel did not keep accurate track of pipe
buffer details when error conditions occurred, due to
Ubuntu
Linux kernel (Utopic HWE) vulnerabilities
vendor_ubuntu·2016-05-09·CVSS 4.6
CVE-2015-7515 [MEDIUM] Linux kernel (Utopic HWE) vulnerabilities
Title: Linux kernel (Utopic HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7515)
Ben Hawkes discovered that the Linux kernel's AIO interface allowed single
writes greater than 2GB, which could cause an integer overflow when writing
to certain filesystems, socket or device types. A local attacker could this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2015-8830)
Zach Riggle discovered that the Linux kernel's list poison feature did not
take into account the mmap_min_addr value
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2016-05-09·CVSS 6.2
CVE-2013-4312 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
It was discovered that the Linux kernel did not properly enforce rlimits
for file descriptors sent over UNIX domain sockets. A local attacker could
use this to cause a denial of service. (CVE-2013-4312)
Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7515)
Ralf Spenneberg discovered that the USB driver for Clie devices in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7566)
Ral
Ubuntu
Linux kernel (Vivid HWE) vulnerabilities
vendor_ubuntu·2016-05-09·CVSS 4.6
CVE-2015-7515 [MEDIUM] Linux kernel (Vivid HWE) vulnerabilities
Title: Linux kernel (Vivid HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7515)
Ben Hawkes discovered that the Linux kernel's AIO interface allowed single
writes greater than 2GB, which could cause an integer overflow when writing
to certain filesystems, socket or device types. A local attacker could this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2015-8830)
Zach Riggle discovered that the Linux kernel's list poison feature did not
take into account the mmap_min_addr value.
Ubuntu
Linux kernel (Trusty HWE) vulnerabilities
vendor_ubuntu·2016-05-09·CVSS 7.2
CVE-2015-7515 [HIGH] Linux kernel (Trusty HWE) vulnerabilities
Title: Linux kernel (Trusty HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
USN-2968-1 fixed vulnerabilities in the Linux kernel for Ubuntu
14.04 LTS. This update provides the corresponding updates for the
Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for
Ubuntu 12.04 LTS.
Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7515)
Ben Hawkes discovered that the Linux kernel's AIO interface allowed single
writes greater than 2GB, which could cause an integer overflow when writing
to certain filesystems, socket or device types. A local attacker could this
Ubuntu
Linux kernel (OMAP4) vulnerabilities
vendor_ubuntu·2016-05-09·CVSS 6.2
CVE-2013-4312 [MEDIUM] Linux kernel (OMAP4) vulnerabilities
Title: Linux kernel (OMAP4) vulnerabilities
Summary: Several security issues were fixed in the kernel.
It was discovered that the Linux kernel did not properly enforce rlimits
for file descriptors sent over UNIX domain sockets. A local attacker could
use this to cause a denial of service. (CVE-2013-4312)
Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7515)
Ralf Spenneberg discovered that the USB driver for Clie devices in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-75
Ubuntu
Linux kernel (Raspberry Pi 2) vulnerabilities
vendor_ubuntu·2016-05-09·CVSS 4.6
CVE-2015-7515 [MEDIUM] Linux kernel (Raspberry Pi 2) vulnerabilities
Title: Linux kernel (Raspberry Pi 2) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7515)
Zach Riggle discovered that the Linux kernel's list poison feature did not
take into account the mmap_min_addr value. A local attacker could use this
to bypass the kernel's poison-pointer protection mechanism while attempting
to exploit an existing kernel vulnerability. (CVE-2016-0821)
Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel
did not properly validate USB device descriptors. An attacker with physi
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2016-05-09·CVSS 4.6
CVE-2015-7515 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7515)
Zach Riggle discovered that the Linux kernel's list poison feature did not
take into account the mmap_min_addr value. A local attacker could use this
to bypass the kernel's poison-pointer protection mechanism while attempting
to exploit an existing kernel vulnerability. (CVE-2016-0821)
Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel
did not properly validate USB device descriptors. An attacker with physical
access could
Red Hat
kernel: aiptek: crash on invalid USB device descriptors
vendor_redhat·2015-11-25·CVSS 4.6
CVE-2015-7515 [MEDIUM] CWE-476 kernel: aiptek: crash on invalid USB device descriptors
kernel: aiptek: crash on invalid USB device descriptors
The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints.
An out-of-bounds memory access flaw was found in the Linux kernel's aiptek USB tablet driver (aiptek_probe() function in drivers/input/tablet/aiptek.c). The driver assumed that the interface always had at least one endpoint. By using a specially crafted USB device with no endpoints on one of its interfaces, an unprivileged user with physical access to the system could trigger a kernel NULL pointer dereference, causing the system to panic.
Statement: This issue affects the Linux kernel pac
Debian
CVE-2015-7515: linux - The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel b...
vendor_debian·2015·CVSS 4.6
CVE-2015-7515 [MEDIUM] CVE-2015-7515: linux - The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel b...
The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints.
Scope: local
bookworm: resolved (fixed in 4.4.2-1)
bullseye: resolved (fixed in 4.4.2-1)
forky: resolved (fixed in 4.4.2-1)
sid: resolved (fixed in 4.4.2-1)
trixie: resolved (fixed in 4.4.2-1)
No detection rules found.
Bugzilla
CVE-2015-7515 kernel: aiptek: crash on invalid USB device descriptors [fedora-all]
bugzilla·2015-11-25·CVSS 4.6
CVE-2015-7515 [MEDIUM] CVE-2015-7515 kernel: aiptek: crash on invalid USB device descriptors [fedora-all]
CVE-2015-7515 kernel: aiptek: crash on invalid USB device descriptors [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported version
Bugzilla
CVE-2015-7515 kernel: aiptek: crash on invalid USB device descriptors
bugzilla·2015-11-25·CVSS 4.6
CVE-2015-7515 [MEDIUM] CVE-2015-7515 kernel: aiptek: crash on invalid USB device descriptors
CVE-2015-7515 kernel: aiptek: crash on invalid USB device descriptors
An out-of-bounds memory access flaw was found in aiptek USB tablet driver in aiptek_probe() function in drivers/input/tablet/aiptek.c. The driver assumes that the interface always has at least one endpoint. By using a specially crafted USB device with no endpoints on one of its interfaces an unprivileged user with a physical access to the system can trigger a kernel NULL pointer dereference causing the system to panic.
Acknowledgements:
Red Hat would like to thank Ralf Spenneberg of OpenSource Security for reporting this issue.
References:
Proposed upstream patch: http://www.spinics.net/lists/linux-input/msg42294.html
Upstream patch:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e20cf
Bugzilla
CVE-2015-7515 Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (aiptek driver) [local-DoS]
bugzilla·2015-11-18·CVSS 4.6
CVE-2015-7515 [MEDIUM] CVE-2015-7515 Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (aiptek driver) [local-DoS]
CVE-2015-7515 Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (aiptek driver) [local-DoS]
Created attachment 1096204
Reproduce Key for vUSBf framework
Description of problem:
Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid
USB device descriptors (aiptek driver) [local-DoS]
Version-Release number of selected component (if applicable):
3.10.0-229.20.1.el7.x86_64
How reproducible:
always
Advisory:
```
OpenSource Security Ralf Spenneberg
Am Bahnhof 3-5
48565 Steinfurt
[email protected]
Date: November 12th, 2015
Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg
CVE: not yet assigned
CVSS: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Title: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid
USB device des
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e20cf2bce122ce9262d6034ee5d5b76fbb92f96http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.htmlhttp://www.debian.org/security/2016/dsa-3607http://www.securityfocus.com/bid/84288http://www.ubuntu.com/usn/USN-2967-1http://www.ubuntu.com/usn/USN-2967-2http://www.ubuntu.com/usn/USN-2968-1http://www.ubuntu.com/usn/USN-2968-2http://www.ubuntu.com/usn/USN-2969-1http://www.ubuntu.com/usn/USN-2970-1http://www.ubuntu.com/usn/USN-2971-1http://www.ubuntu.com/usn/USN-2971-2http://www.ubuntu.com/usn/USN-2971-3https://bugzilla.redhat.com/show_bug.cgi?id=1285326https://github.com/torvalds/linux/commit/8e20cf2bce122ce9262d6034ee5d5b76fbb92f96https://security-tracker.debian.org/tracker/CVE-2015-7515https://www.exploit-db.com/exploits/39544/http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e20cf2bce122ce9262d6034ee5d5b76fbb92f96http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.htmlhttp://www.debian.org/security/2016/dsa-3607http://www.securityfocus.com/bid/84288http://www.ubuntu.com/usn/USN-2967-1http://www.ubuntu.com/usn/USN-2967-2http://www.ubuntu.com/usn/USN-2968-1http://www.ubuntu.com/usn/USN-2968-2http://www.ubuntu.com/usn/USN-2969-1http://www.ubuntu.com/usn/USN-2970-1http://www.ubuntu.com/usn/USN-2971-1http://www.ubuntu.com/usn/USN-2971-2http://www.ubuntu.com/usn/USN-2971-3https://bugzilla.redhat.com/show_bug.cgi?id=1285326https://github.com/torvalds/linux/commit/8e20cf2bce122ce9262d6034ee5d5b76fbb92f96https://security-tracker.debian.org/tracker/CVE-2015-7515https://www.exploit-db.com/exploits/39544/
2016-04-27
Published