CVE-2016-2187

CWE-476NULL Pointer Dereference21 documents8 sources
Severity
4.6MEDIUM
EPSS
0.0%
top 92.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Linux Linux KernelCanonical Ubuntu LinuxNovell Suse Linux Enterprise Debuginfo+2 more
Timeline
PublishedMay 2
Latest updateMay 17

Description

The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 0.9 | Impact: 3.6

Affected Packages5 packages

Debianlinux< 4.5.2-1+3

Also affects: Ubuntu Linux 12.04, 14.04, 15.10, 16.04

Patches

Patch: git.kernel.orgPatch: github.comPatch: git.kernel.org

🔴Vulnerability Details

3
GHSA
GHSA-jvr2-gxmf-hh6m: The gtco_probe function in drivers/input/tablet/gtco2022-05-17
CVEList
CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco2016-05-02
OSV
CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco2016-05-02

📋Vendor Advisories

14
Ubuntu
Linux kernel vulnerabilities2016-06-10
Ubuntu
Linux kernel (OMAP4) vulnerabilities2016-06-10
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities2016-06-10
Ubuntu
Linux kernel vulnerabilities2016-06-10
Ubuntu
Linux kernel (Raspberry Pi 2) vulnerabilities2016-06-10

💬Community

3
Bugzilla
CVE-2016-3138 CVE-2016-3139 CVE-2016-3140 CVE-2016-3137 CVE-2016-3136 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2187 CVE-2016-2188 kernel: various crashes on invalid usb device descriptors [f2016-03-11
Bugzilla
CVE-2016-2187 kernel: Kernel panic on invalid USB device descriptor (gtco driver)2016-03-11
Bugzilla
CVE-2016-2187 Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (gtco driver) [local-DoS]2015-11-18
CVE-2016-2187 (MEDIUM CVSS 4.6) | The gtco_probe function in drivers/ | cvebase.io