CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows…

medium6.8CVSS 3.1

AVPACLPRNUINSUCHIHAH

The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.

Affected

28 ranges· showing 25

Vendor	Product	Version range	Fixed in
debian	linux	< linux 4.4.2-1 (bookworm)	linux 4.4.2-1 (bookworm)
google	android	—	—
linux	linux_kernel	>= 0 < 4.4.2-1	4.4.2-1
linux	linux_kernel	>= 0 < 4.4.2-1	4.4.2-1
linux	linux_kernel	>= 0 < 4.4.2-1	4.4.2-1
linux	linux_kernel	>= 0 < 4.4.2-1	4.4.2-1
linux	linux_kernel	>= 2.6.28 < 3.2.76	3.2.76
linux	linux_kernel	>= 3.11 < 3.12.58	3.12.58
linux	linux_kernel	>= 3.13 < 3.14.76	3.14.76
linux	linux_kernel	>= 3.15 < 3.16.35	3.16.35
linux	linux_kernel	>= 3.17 < 3.18.27	3.18.27
linux	linux_kernel	>= 3.19 < 4.1.17	4.1.17
linux	linux_kernel	>= 3.3 < 3.4.113	3.4.113
linux	linux_kernel	>= 3.5 < 3.10.103	3.10.103
linux	linux_kernel	>= 4.2 < 4.3.5	4.3.5
novell	suse_linux_enterprise_debuginfo	—	—
novell	suse_linux_enterprise_desktop	—	—
novell	suse_linux_enterprise_live_patching	—	—
novell	suse_linux_enterprise_module_for_public_cloud	—	—
novell	suse_linux_enterprise_real_time_extension	—	—
novell	suse_linux_enterprise_real_time_extension	—	—
novell	suse_linux_enterprise_server	—	—
novell	suse_linux_enterprise_server	—	—
novell	suse_linux_enterprise_software_development_kit	—	—
novell	suse_linux_enterprise_software_development_kit	—	—

CVSS provenance

nvdv3.16.8MEDIUMCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

osv6.8MEDIUM