CVE-2016-2384
Published 2016-04-27
CVE-2016-2384: Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause…
Priority P425 · medium · 4.6 CVSS 3.0
AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EXPLOIT
EPSS: 3.72% (88.4th percentile)
Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 4.4.2-1 (bookworm) | linux 4.4.2-1 (bookworm) |
| linux | linux_kernel | <= 4.4.8 | — |
| linux | linux_kernel | >= 0 < 4.4.2-1 | 4.4.2-1 |
| linux | linux_kernel | >= 0 < 4.4.2-1 | 4.4.2-1 |
| linux | linux_kernel | >= 0 < 4.4.2-1 | 4.4.2-1 |
| linux | linux_kernel | >= 0 < 4.4.2-1 | 4.4.2-1 |
| linux | linux_kernel | >= 0 < 3.13.0-83.127 | 3.13.0-83.127 |
| novell | suse_linux_enterprise_real_time_extension | — | — |
CVSS provenance
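| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 4.6 | MEDIUM | CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.9 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
| osv | — | 6.2 | MEDIUM | — |
| vendor_ubuntu | — | 6.2 | MEDIUM | — |
| vendor_debian | — | 4.6 | MEDIUM | — |
| vendor_redhat | — | 4.6 | MEDIUM | — |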
GHSA
GHSA-7h8g-mrh3-v7rc: Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi
ghsa_unreviewed·2022-05-14
CVE-2016-2384 [MEDIUM] GHSA-7h8g-mrh3-v7rc: Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi
Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.
OSV
CVE-2016-2384: Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi
osv·2016-04-27·CVSS 4.6
CVE-2016-2384 [MEDIUM] CVE-2016-2384: Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi
Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.
OSV
linux-lts-wily vulnerabilities
osv·2016-03-14·CVSS 4.6
CVE-2016-3134 [MEDIUM] linux-lts-wily vulnerabilities
Ben Hawkes discovered that the Linux netfilter implementation did not
correctly perform validation when handling IPT_SO_SET_REPLACE events. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges. (CVE-2016-3134)
Ben Hawkes discovered an integer overflow in the Linux netfilter
implementation. On systems running 32 bit kernels, a local unprivileged
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code with administrative privileges.
(CVE-2016-3135)
Ralf Spenneberg discovered that the USB driver for Clie devices in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with p
OSV
linux-lts-vivid vulnerabilities
osv·2016-03-14·CVSS 6.2
CVE-2016-3134 [MEDIUM] linux-lts-vivid vulnerabilities
Ben Hawkes discovered that the Linux netfilter implementation did not
correctly perform validation when handling IPT_SO_SET_REPLACE events. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges. (CVE-2016-3134)
It was discovered that the Linux kernel did not properly enforce rlimits
for file descriptors sent over UNIX domain sockets. A local attacker could
use this to cause a denial of service. (CVE-2013-4312)
Ralf Spenneberg discovered that the USB driver for Clie devices in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7566)
Ralf
OSV
linux-lts-utopic vulnerabilities
osv·2016-03-14·CVSS 6.2
CVE-2016-3134 [MEDIUM] linux-lts-utopic vulnerabilities
Ben Hawkes discovered that the Linux netfilter implementation did not
correctly perform validation when handling IPT_SO_SET_REPLACE events. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges. (CVE-2016-3134)
It was discovered that the Linux kernel did not properly enforce rlimits
for file descriptors sent over UNIX domain sockets. A local attacker could
use this to cause a denial of service. (CVE-2013-4312)
It was discovered that a race condition existed when handling heartbeat-
timeout events in the SCTP implementation of the Linux kernel. A remote
attacker could use this to cause a denial of service. (CVE-2015-8767)
Andy Lutomirski discovered a race
OSV
linux vulnerabilities
osv·2016-03-14·CVSS 6.2
CVE-2016-3134 [MEDIUM] linux vulnerabilities
Ben Hawkes discovered that the Linux netfilter implementation did not
correctly perform validation when handling IPT_SO_SET_REPLACE events. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges. (CVE-2016-3134)
It was discovered that the Linux kernel did not properly enforce rlimits
for file descriptors sent over UNIX domain sockets. A local attacker could
use this to cause a denial of service. (CVE-2013-4312)
Ralf Spenneberg discovered that the USB driver for Clie devices in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7566)
Ralf Spenneber
Ubuntu
Linux kernel (Raspberry Pi 2) vulnerabilities
vendor_ubuntu·2016-03-16·CVSS 4.6
CVE-2015-7566 [MEDIUM] Linux kernel (Raspberry Pi 2) vulnerabilities
Title: Linux kernel (Raspberry Pi 2) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Ben Hawkes discovered that the Linux netfilter implementation did not
correctly perform validation when handling IPT_SO_SET_REPLACE events. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges. (CVE-2016-3134)
Ben Hawkes discovered an integer overflow in the Linux netfilter
implementation. On systems running 32 bit kernels, a local unprivileged
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code with administrative privileges.
(CVE-2016-3135)
Ralf Spenneberg discovered that the USB driver for Clie devices in the
Linux kernel
Ubuntu
Linux kernel (Wily HWE) vulnerabilities
vendor_ubuntu·2016-03-14·CVSS 4.6
CVE-2015-7566 [MEDIUM] Linux kernel (Wily HWE) vulnerabilities
Title: Linux kernel (Wily HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Ben Hawkes discovered that the Linux netfilter implementation did not
correctly perform validation when handling IPT_SO_SET_REPLACE events. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges. (CVE-2016-3134)
Ben Hawkes discovered an integer overflow in the Linux netfilter
implementation. On systems running 32 bit kernels, a local unprivileged
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code with administrative privileges.
(CVE-2016-3135)
Ralf Spenneberg discovered that the USB driver for Clie devices in the
Linux kernel did no
Ubuntu
Linux kernel (Trusty HWE) vulnerabilities
vendor_ubuntu·2016-03-14·CVSS 6.2
CVE-2013-4312 [MEDIUM] Linux kernel (Trusty HWE) vulnerabilities
Title: Linux kernel (Trusty HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Ben Hawkes discovered that the Linux netfilter implementation did not
correctly perform validation when handling IPT_SO_SET_REPLACE events. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges. (CVE-2016-3134)
It was discovered that the Linux kernel did not properly enforce rlimits
for file descriptors sent over UNIX domain sockets. A local attacker could
use this to cause a denial of service. (CVE-2013-4312)
Ralf Spenneberg discovered that the USB driver for Clie devices in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2016-03-14·CVSS 4.6
CVE-2015-7566 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
Ben Hawkes discovered that the Linux netfilter implementation did not
correctly perform validation when handling IPT_SO_SET_REPLACE events. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges. (CVE-2016-3134)
Ben Hawkes discovered an integer overflow in the Linux netfilter
implementation. On systems running 32 bit kernels, a local unprivileged
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code with administrative privileges.
(CVE-2016-3135)
Ralf Spenneberg discovered that the USB driver for Clie devices in the
Linux kernel did not properly
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2016-03-14·CVSS 6.2
CVE-2013-4312 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
Ben Hawkes discovered that the Linux netfilter implementation did not
correctly perform validation when handling IPT_SO_SET_REPLACE events. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges. (CVE-2016-3134)
It was discovered that the Linux kernel did not properly enforce rlimits
for file descriptors sent over UNIX domain sockets. A local attacker could
use this to cause a denial of service. (CVE-2013-4312)
Ralf Spenneberg discovered that the USB driver for Clie devices in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could
Ubuntu
Linux kernel (Vivid HWE) vulnerabilities
vendor_ubuntu·2016-03-14·CVSS 6.2
CVE-2013-4312 [MEDIUM] Linux kernel (Vivid HWE) vulnerabilities
Title: Linux kernel (Vivid HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Ben Hawkes discovered that the Linux netfilter implementation did not
correctly perform validation when handling IPT_SO_SET_REPLACE events. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges. (CVE-2016-3134)
It was discovered that the Linux kernel did not properly enforce rlimits
for file descriptors sent over UNIX domain sockets. A local attacker could
use this to cause a denial of service. (CVE-2013-4312)
Ralf Spenneberg discovered that the USB driver for Clie devices in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical
Ubuntu
Linux kernel (OMAP4) vulnerability
vendor_ubuntu·2016-03-14
CVE-2016-2384 Linux kernel (OMAP4) vulnerability
Title: Linux kernel (OMAP4) vulnerability
Summary: The system could be made to crash or run programs as an administrator
by someone with physical access.
Andrey Konovalov discovered that the ALSA USB MIDI driver incorrectly
performed a double-free. A local attacker with physical access could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code with administrative privileges.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(
Ubuntu
Linux kernel vulnerability
vendor_ubuntu·2016-03-14
CVE-2016-2384 Linux kernel vulnerability
Title: Linux kernel vulnerability
Summary: The system could be made to crash or run programs as an administrator by
someone with physical access.
Andrey Konovalov discovered that the ALSA USB MIDI driver incorrectly
performed a double-free. A local attacker with physical access could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code with administrative privileges.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. lin
Ubuntu
Linux kernel (Utopic HWE) vulnerabilities
vendor_ubuntu·2016-03-14·CVSS 6.2
CVE-2013-4312 [MEDIUM] Linux kernel (Utopic HWE) vulnerabilities
Title: Linux kernel (Utopic HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Ben Hawkes discovered that the Linux netfilter implementation did not
correctly perform validation when handling IPT_SO_SET_REPLACE events. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges. (CVE-2016-3134)
It was discovered that the Linux kernel did not properly enforce rlimits
for file descriptors sent over UNIX domain sockets. A local attacker could
use this to cause a denial of service. (CVE-2013-4312)
It was discovered that a race condition existed when handling heartbeat-
timeout events in the SCTP implementation of the Linux kernel. A remote
attacker could use this to c
Red Hat
kernel: double-free in usb-audio triggered by invalid USB descriptor
vendor_redhat·2016-02-14·CVSS 4.6
CVE-2016-2384 [MEDIUM] CWE-416 kernel: double-free in usb-audio triggered by invalid USB descriptor
Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.
A flaw was found in the USB-MIDI Linux kernel driver: a double-free error could be triggered for the 'umidi' object. An attacker with physical access to the system could use this flaw to escalate their privileges.
Statement: This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, as the code with the flaw is not present in the products listed.
This issue affects the Linux kernel packages as shipped with Re
Debian
CVE-2016-2384: linux - Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c...
vendor_debian·2016·CVSS 4.6
CVE-2016-2384 [MEDIUM] CVE-2016-2384: linux - Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c...
Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.
Scope: local
bookworm: resolved (fixed in 4.4.2-1)
bullseye: resolved (fixed in 4.4.2-1)
forky: resolved (fixed in 4.4.2-1)
sid: resolved (fixed in 4.4.2-1)
trixie: resolved (fixed in 4.4.2-1)
No detection rules found.
Bugzilla
CVE-2016-2384 kernel: double-free in usb-audio triggered by invalid USB descriptor [fedora-all]
bugzilla·2016-02-15·CVSS 4.6
CVE-2016-2384 [MEDIUM] CVE-2016-2384 kernel: double-free in usb-audio triggered by invalid USB descriptor [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supp
Bugzilla
CVE-2016-2384 kernel: double-free in usb-audio triggered by invalid USB descriptor
bugzilla·2016-02-15·CVSS 4.6
CVE-2016-2384 [MEDIUM] CVE-2016-2384 kernel: double-free in usb-audio triggered by invalid USB descriptor
Description:
A vulnerability was found in the Linux kernel. There is a possibility of double-free on 'umidi' object. The 'umidi' object will be free'd on the error path by snd_usbmidi_free() when tearing down the rawmidi interface causing the system panic.
Upstream report and fix:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=07d86ca93db7e5cdf4743564d98292042ec21af7
External reference:
https://lkml.org/lkml/2016/2/13/11
http://seclists.org/oss-sec/2016/q1/331
CVE assignment:
http://seclists.org/oss-sec/2016/q1/334
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1308445]
---
Statement:
This issue does not affect the Linux kernel pack
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=07d86ca93db7e5cdf4743564d98292042ec21af7
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
http://rhn.redhat.com/errata/RHSA-2016-2574.html
http://rhn.redhat.com/errata/RHSA-2016-2584.html
http://rhn.redhat.com/errata/RHSA-2017-0817.html
http://www.debian.org/security/2016/dsa-3503
http://www.openwall.com/lists/oss-security/2016/02/14/2
http://www.securityfocus.com/bid/83256
http://www.securitytracker.com/id/1035072
http://www.ubuntu.com/usn/USN-2928-1
http://www.ubuntu.com/usn/USN-2928-2
http://www.ubuntu.com/usn/USN-2929-1
http://www.ubuntu.com/usn/USN-2929-2
http://www.ubuntu.com/usn/USN-2930-1
http://www.ubuntu.com/usn/USN-2930-2
http://www.ubuntu.com/usn/USN-2930-3
http://www.ubuntu.com/usn/USN-2931-1
http://www.ubuntu.com/usn/USN-2932-1
https://bugzilla.redhat.com/show_bug.cgi?id=1308444
https://github.com/torvalds/linux/commit/07d86ca93db7e5cdf4743564d98292042ec21af7
https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-2384
Published: 2016-04-27