CVE-2015-7833NULL Pointer Dereference in Suse Linux Enterprise Real Time Extension

CWE-17CWE-476NULL Pointer Dereference19 documents8 sources
Severity
4.9MEDIUMNVD
EPSS
0.2%
top 60.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux KernelNovell Suse Linux Enterprise Real Time ExtensionRedhat Enterprise Linux
Timeline
PublishedOct 19
Latest updateMay 17

Description

The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor.

CVSS vector

AV:L/AC:L/C:N/I:N/A:CExploitability: 3.9 | Impact: 6.9

Affected Packages2 packages

Debianlinux/linux_kernel< 4.2.6-2+3

Also affects: Enterprise Linux 7.1

🔴Vulnerability Details

5
GHSA
GHSA-w2rm-wmhp-cvj7: The usbvision driver in the Linux kernel package 32022-05-17
OSV
linux-lts-wily vulnerabilities2016-04-06
OSV
linux-lts-utopic vulnerabilities2016-04-06
CVEList
CVE-2015-7833: The usbvision driver in the Linux kernel package 32015-10-19
OSV
CVE-2015-7833: The usbvision driver in the Linux kernel package 32015-10-19

📋Vendor Advisories

11
Ubuntu
Linux kernel vulnerabilities2016-05-09
Ubuntu
Linux kernel (OMAP4) vulnerabilities2016-05-09
Ubuntu
Linux kernel (Wily HWE) vulnerabilities2016-04-06
Ubuntu
Linux kernel vulnerabilities2016-04-06
Ubuntu
Linux kernel (Raspberry Pi 2) vulnerabilities2016-04-06

💬Community

2
Bugzilla
CVE-2015-7833 kernel: usbvision: crash on invalid USB device descriptors2015-10-09
Bugzilla
CVE-2015-7833 kernel: usbvision: crash on invalid USB device descriptors [fedora-all]2015-10-09
CVE-2015-7833 — NULL Pointer Dereference | cvebase