CVE-2016-3137

CWE-476NULL Pointer Dereference23 documents9 sources
Severity
4.6MEDIUM
EPSS
0.0%
top 94.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Linux Linux KernelCanonical Ubuntu LinuxNovell Suse Linux Enterprise Debuginfo+7 more
Timeline
PublishedMay 2
Latest updateMay 17

Description

drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 0.9 | Impact: 3.6

Affected Packages10 packages

Debianlinux< 4.5.1-1+3

Also affects: Ubuntu Linux 12.04, 14.04

🔴Vulnerability Details

4
GHSA
GHSA-mmxf-q66r-jgpq: drivers/usb/serial/cypress_m82022-05-17
OSV
CVE-2016-3137: drivers/usb/serial/cypress_m82016-05-02
CVEList
CVE-2016-3137: drivers/usb/serial/cypress_m82016-05-02
Kernel
USB: cypress_m8: add endpoint sanity check2016-03-31

📋Vendor Advisories

15
Ubuntu
Linux kernel (OMAP4) vulnerabilities2016-06-10
Ubuntu
Linux kernel vulnerabilities2016-06-10
Ubuntu
Linux kernel (Utopic HWE) vulnerabilities2016-06-10
Ubuntu
Linux kernel (Wily HWE) vulnerabilities2016-05-09
Ubuntu
Linux kernel vulnerabilities2016-05-09

💬Community

3
Bugzilla
CVE-2016-3138 CVE-2016-3139 CVE-2016-3140 CVE-2016-3137 CVE-2016-3136 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2187 CVE-2016-2188 kernel: various crashes on invalid usb device descriptors [f2016-03-11
Bugzilla
CVE-2016-3137 kernel: Crash on invalid USB device descriptors (cypress_m8 driver)2016-03-11
Bugzilla
CVE-2016-3137 Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (cypress_m8 driver) [local-DoS]2015-11-18