CVE-2016-3955
published 2016-07-03CVE-2016-3955: The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service…
PriorityP355critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
25.93%
97.7th percentile
The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | linux | < linux 4.5.2-1 (bookworm) | linux 4.5.2-1 (bookworm) |
| linux | linux_kernel | < 3.2.80 | 3.2.80 |
| linux | linux_kernel | >= 0 < 4.5.2-1 | 4.5.2-1 |
| linux | linux_kernel | >= 0 < 4.5.2-1 | 4.5.2-1 |
| linux | linux_kernel | >= 0 < 4.5.2-1 | 4.5.2-1 |
| linux | linux_kernel | >= 0 < 4.5.2-1 | 4.5.2-1 |
| linux | linux_kernel | >= 0 < 3.13.0-87.133 | 3.13.0-87.133 |
| linux | linux_kernel | >= 0 < 4.4.0-22.39 | 4.4.0-22.39 |
| linux | linux_kernel | >= 3.11 < 3.12.59 | 3.12.59 |
| linux | linux_kernel | >= 3.13 < 3.14.68 | 3.14.68 |
| linux | linux_kernel | >= 3.17 < 3.18.37 | 3.18.37 |
| linux | linux_kernel | >= 3.19 < 4.1.28 | 4.1.28 |
| linux | linux_kernel | >= 3.3 < 3.10.102 | 3.10.102 |
| linux | linux_kernel | >= 4.2 < 4.4.9 | 4.4.9 |
| linux | linux_kernel | >= 4.5 < 4.5.3 | 4.5.3 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv9.8CRITICAL
vendor_debian9.8CRITICAL
vendor_redhat9.8CRITICAL
vendor_ubuntu8.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Linux kernel (OMAP4) vulnerabilities
vendor_ubuntu·2016-06-10·CVSS 7.8
CVE-2016-1583 [HIGH] Linux kernel (OMAP4) vulnerabilities
Title: Linux kernel (OMAP4) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Jann Horn discovered that eCryptfs improperly attempted to use the mmap()
handler of a lower filesystem that did not implement one, causing a
recursive page fault to occur. A local unprivileged attacker could use to
cause a denial of service (system crash) or possibly execute arbitrary code
with administrative privileges. (CVE-2016-1583)
Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel
did not properly validate USB device descriptors. An attacker with physical
access could use this to cause a denial of service (system crash).
(CVE-2016-2184)
Ralf Spenneberg discovered that the ATI Wonder Remote II USB driver in the
Linux kernel did not properly validate USB
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2016-06-10·CVSS 7.8
CVE-2016-1583 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
Jann Horn discovered that eCryptfs improperly attempted to use the mmap()
handler of a lower filesystem that did not implement one, causing a
recursive page fault to occur. A local unprivileged attacker could use to
cause a denial of service (system crash) or possibly execute arbitrary code
with administrative privileges. (CVE-2016-1583)
Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel
did not properly validate USB device descriptors. An attacker with physical
access could use this to cause a denial of service (system crash).
(CVE-2016-2184)
Ralf Spenneberg discovered that the ATI Wonder Remote II USB driver in the
Linux kernel did not properly validate USB device d
Ubuntu
Linux kernel (Vivid HWE) vulnerabilities
vendor_ubuntu·2016-06-10·CVSS 8.5
CVE-2015-4004 [HIGH] Linux kernel (Vivid HWE) vulnerabilities
Title: Linux kernel (Vivid HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux
kernel incorrectly enables scatter/gather I/O. A remote attacker could use
this to obtain potentially sensitive information from kernel memory.
(CVE-2016-2117)
Jann Horn discovered that eCryptfs improperly attempted to use the mmap()
handler of a lower filesystem that did not implement one, causing a
recursive page fault to occur. A local unprivileged attacker could use to
cause a denial of service (system crash) or possibly execute arbitrary code
with administrative privileges. (CVE-2016-1583)
Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB
over wifi device drivers in the Linux
Ubuntu
Linux kernel (Utopic HWE) vulnerabilities
vendor_ubuntu·2016-06-10·CVSS 8.5
CVE-2015-4004 [HIGH] Linux kernel (Utopic HWE) vulnerabilities
Title: Linux kernel (Utopic HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux
kernel incorrectly enables scatter/gather I/O. A remote attacker could use
this to obtain potentially sensitive information from kernel memory.
(CVE-2016-2117)
Jann Horn discovered that eCryptfs improperly attempted to use the mmap()
handler of a lower filesystem that did not implement one, causing a
recursive page fault to occur. A local unprivileged attacker could use to
cause a denial of service (system crash) or possibly execute arbitrary code
with administrative privileges. (CVE-2016-1583)
Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB
over wifi device drivers in the Linux
Ubuntu
Linux kernel (Wily HWE) vulnerabilities
vendor_ubuntu·2016-06-10·CVSS 8.5
CVE-2015-4004 [HIGH] Linux kernel (Wily HWE) vulnerabilities
Title: Linux kernel (Wily HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux
kernel incorrectly enables scatter/gather I/O. A remote attacker could use
this to obtain potentially sensitive information from kernel memory.
(CVE-2016-2117)
Jann Horn discovered that eCryptfs improperly attempted to use the mmap()
handler of a lower filesystem that did not implement one, causing a
recursive page fault to occur. A local unprivileged attacker could use to
cause a denial of service (system crash) or possibly execute arbitrary code
with administrative privileges. (CVE-2016-1583)
Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB
over wifi device drivers in the Linux k
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2016-06-10·CVSS 8.5
CVE-2015-4004 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux
kernel incorrectly enables scatter/gather I/O. A remote attacker could use
this to obtain potentially sensitive information from kernel memory.
(CVE-2016-2117)
Jann Horn discovered that eCryptfs improperly attempted to use the mmap()
handler of a lower filesystem that did not implement one, causing a
recursive page fault to occur. A local unprivileged attacker could use to
cause a denial of service (system crash) or possibly execute arbitrary code
with administrative privileges. (CVE-2016-1583)
Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB
over wifi device drivers in the Linux kernel. A re
Ubuntu
Linux kernel (Raspberry Pi 2) vulnerabilities
vendor_ubuntu·2016-06-10·CVSS 8.5
CVE-2015-4004 [HIGH] Linux kernel (Raspberry Pi 2) vulnerabilities
Title: Linux kernel (Raspberry Pi 2) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux
kernel incorrectly enables scatter/gather I/O. A remote attacker could use
this to obtain potentially sensitive information from kernel memory.
(CVE-2016-2117)
Jann Horn discovered that eCryptfs improperly attempted to use the mmap()
handler of a lower filesystem that did not implement one, causing a
recursive page fault to occur. A local unprivileged attacker could use to
cause a denial of service (system crash) or possibly execute arbitrary code
with administrative privileges. (CVE-2016-1583)
Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB
over wifi device drivers in the L
Ubuntu
Linux kernel (Trusty HWE) vulnerabilities
vendor_ubuntu·2016-06-10·CVSS 8.5
CVE-2015-4004 [HIGH] Linux kernel (Trusty HWE) vulnerabilities
Title: Linux kernel (Trusty HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux
kernel incorrectly enables scatter/gather I/O. A remote attacker could use
this to obtain potentially sensitive information from kernel memory.
(CVE-2016-2117)
Jann Horn discovered that eCryptfs improperly attempted to use the mmap()
handler of a lower filesystem that did not implement one, causing a
recursive page fault to occur. A local unprivileged attacker could use to
cause a denial of service (system crash) or possibly execute arbitrary code
with administrative privileges. (CVE-2016-1583)
Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB
over wifi device drivers in the Linux
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2016-06-01·CVSS 8.5
CVE-2015-4004 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux
kernel incorrectly enables scatter/gather I/O. A remote attacker could use
this to obtain potentially sensitive information from kernel memory.
(CVE-2016-2117)
Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB
over wifi device drivers in the Linux kernel. A remote attacker could use
this to cause a denial of service (system crash) or obtain potentially
sensitive information from kernel memory. (CVE-2015-4004)
Andy Lutomirski discovered a race condition in the Linux kernel's
translation lookaside buffer (TLB) handling of flush events. A local
attacker could use this to cause a denial of service
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities
vendor_ubuntu·2016-05-06·CVSS 4.6
CVE-2016-2184 [MEDIUM] Linux kernel (Xenial HWE) vulnerabilities
Title: Linux kernel (Xenial HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
USN-2965-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.
Jann Horn discovered that the extended Berkeley Packet Filter (eBPF)
implementation in the Linux kernel did not properly reference count file
descriptors, leading to a use-after-free. A local unprivileged attacker
could use this to gain administrative privileges. (CVE-2016-4557)
Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel
did not properly validate USB device descriptors. An attacker with physical
access could use this to cause a denial of
Ubuntu
Linux kernel (Qualcomm Snapdragon) vulnerability
vendor_ubuntu·2016-05-06·CVSS 4.6
CVE-2016-4557 [MEDIUM] Linux kernel (Qualcomm Snapdragon) vulnerability
Title: Linux kernel (Qualcomm Snapdragon) vulnerability
Summary: Several security issues were fixed in the kernel.
Jann Horn discovered that the extended Berkeley Packet Filter (eBPF)
implementation in the Linux kernel did not properly reference count file
descriptors, leading to a use-after-free. A local unprivileged attacker
could use this to gain administrative privileges.
Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel
did not properly validate USB device descriptors. An attacker with physical
access could use this to cause a denial of service (system crash).
(CVE-2016-2184)
Ralf Spenneberg discovered that the ATI Wonder Remote II USB driver in the
Linux kernel did not properly validate USB device descriptors. An attacker
with physical access could use t
Ubuntu
Linux kernel (Raspberry Pi 2) vulnerabilities
vendor_ubuntu·2016-05-06·CVSS 4.6
CVE-2016-2184 [MEDIUM] Linux kernel (Raspberry Pi 2) vulnerabilities
Title: Linux kernel (Raspberry Pi 2) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Jann Horn discovered that the extended Berkeley Packet Filter (eBPF)
implementation in the Linux kernel did not properly reference count file
descriptors, leading to a use-after-free. A local unprivileged attacker
could use this to gain administrative privileges. (CVE-2016-4557)
Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel
did not properly validate USB device descriptors. An attacker with physical
access could use this to cause a denial of service (system crash).
(CVE-2016-2184)
Ralf Spenneberg discovered that the ATI Wonder Remote II USB driver in the
Linux kernel did not properly validate USB device descriptors. An attacker
with physical acces
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2016-05-06·CVSS 4.6
CVE-2016-2184 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
Jann Horn discovered that the extended Berkeley Packet Filter (eBPF)
implementation in the Linux kernel did not properly reference count file
descriptors, leading to a use-after-free. A local unprivileged attacker
could use this to gain administrative privileges. (CVE-2016-4557)
Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel
did not properly validate USB device descriptors. An attacker with physical
access could use this to cause a denial of service (system crash).
(CVE-2016-2184)
Ralf Spenneberg discovered that the ATI Wonder Remote II USB driver in the
Linux kernel did not properly validate USB device descriptors. An attacker
with physical access could use this
Red Hat
Kernel: usbip: buffer overflow by trusting length of incoming packets
vendor_redhat·2016-03-17·CVSS 9.8
CVE-2016-3955 [CRITICAL] CWE-120 Kernel: usbip: buffer overflow by trusting length of incoming packets
Kernel: usbip: buffer overflow by trusting length of incoming packets
The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet.
Statement: This issue does not affect the versions of the kernel package as shipped with
Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.
Package: kernel (Red Hat Enterprise Linux 5) - Not affected
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel (Red Hat Enterprise Linux 7) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 7) - Not affected
Package: realtime-kernel (Red Hat Enterprise MRG 2) - Not affecte
Debian
CVE-2016-3955: linux - The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux k...
vendor_debian·2016·CVSS 9.8
CVE-2016-3955 [CRITICAL] CVE-2016-3955: linux - The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux k...
The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet.
Scope: local
bookworm: resolved (fixed in 4.5.2-1)
bullseye: resolved (fixed in 4.5.2-1)
forky: resolved (fixed in 4.5.2-1)
sid: resolved (fixed in 4.5.2-1)
trixie: resolved (fixed in 4.5.2-1)
GHSA
GHSA-4chg-535w-wpv8: The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common
ghsa_unreviewed·2022-05-17
CVE-2016-3955 [CRITICAL] CWE-119 GHSA-4chg-535w-wpv8: The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common
The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet.
OSV
CVE-2016-3955: The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common
osv·2016-07-03·CVSS 9.8
CVE-2016-3955 [CRITICAL] CVE-2016-3955: The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common
The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet.
OSV
linux-lts-utopic vulnerabilities
osv·2016-06-10·CVSS 8.5
CVE-2016-2117 [HIGH] linux-lts-utopic vulnerabilities
linux-lts-utopic vulnerabilities
Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux
kernel incorrectly enables scatter/gather I/O. A remote attacker could use
this to obtain potentially sensitive information from kernel memory.
(CVE-2016-2117)
Jann Horn discovered that eCryptfs improperly attempted to use the mmap()
handler of a lower filesystem that did not implement one, causing a
recursive page fault to occur. A local unprivileged attacker could use to
cause a denial of service (system crash) or possibly execute arbitrary code
with administrative privileges. (CVE-2016-1583)
Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB
over wifi device drivers in the Linux kernel. A remote attacker could use
this to cause a denial of service (syst
OSV
linux-lts-vivid vulnerabilities
osv·2016-06-10·CVSS 8.5
CVE-2016-2117 [HIGH] linux-lts-vivid vulnerabilities
linux-lts-vivid vulnerabilities
Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux
kernel incorrectly enables scatter/gather I/O. A remote attacker could use
this to obtain potentially sensitive information from kernel memory.
(CVE-2016-2117)
Jann Horn discovered that eCryptfs improperly attempted to use the mmap()
handler of a lower filesystem that did not implement one, causing a
recursive page fault to occur. A local unprivileged attacker could use to
cause a denial of service (system crash) or possibly execute arbitrary code
with administrative privileges. (CVE-2016-1583)
Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB
over wifi device drivers in the Linux kernel. A remote attacker could use
this to cause a denial of service (syste
OSV
linux-lts-wily vulnerabilities
osv·2016-06-10·CVSS 8.5
CVE-2016-2117 [HIGH] linux-lts-wily vulnerabilities
linux-lts-wily vulnerabilities
Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux
kernel incorrectly enables scatter/gather I/O. A remote attacker could use
this to obtain potentially sensitive information from kernel memory.
(CVE-2016-2117)
Jann Horn discovered that eCryptfs improperly attempted to use the mmap()
handler of a lower filesystem that did not implement one, causing a
recursive page fault to occur. A local unprivileged attacker could use to
cause a denial of service (system crash) or possibly execute arbitrary code
with administrative privileges. (CVE-2016-1583)
Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB
over wifi device drivers in the Linux kernel. A remote attacker could use
this to cause a denial of service (system
OSV
linux vulnerabilities
osv·2016-06-01·CVSS 8.5
CVE-2016-2117 [HIGH] linux vulnerabilities
linux vulnerabilities
Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux
kernel incorrectly enables scatter/gather I/O. A remote attacker could use
this to obtain potentially sensitive information from kernel memory.
(CVE-2016-2117)
Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB
over wifi device drivers in the Linux kernel. A remote attacker could use
this to cause a denial of service (system crash) or obtain potentially
sensitive information from kernel memory. (CVE-2015-4004)
Andy Lutomirski discovered a race condition in the Linux kernel's
translation lookaside buffer (TLB) handling of flush events. A local
attacker could use this to cause a denial of service or possibly leak
sensitive information. (CVE-2016-2069)
Ralf Spenneberg
OSV
linux vulnerabilities
osv·2016-05-06·CVSS 4.6
CVE-2016-4557 [MEDIUM] linux vulnerabilities
linux vulnerabilities
Jann Horn discovered that the extended Berkeley Packet Filter (eBPF)
implementation in the Linux kernel did not properly reference count file
descriptors, leading to a use-after-free. A local unprivileged attacker
could use this to gain administrative privileges. (CVE-2016-4557)
Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel
did not properly validate USB device descriptors. An attacker with physical
access could use this to cause a denial of service (system crash).
(CVE-2016-2184)
Ralf Spenneberg discovered that the ATI Wonder Remote II USB driver in the
Linux kernel did not properly validate USB device descriptors. An attacker
with physical access could use this to cause a denial of service (system
crash). (CVE-2016-2185)
Ralf Spenneb
OSV
linux-lts-xenial vulnerabilities
osv·2016-05-06·CVSS 4.6
[MEDIUM] linux-lts-xenial vulnerabilities
linux-lts-xenial vulnerabilities
USN-2965-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.
Jann Horn discovered that the extended Berkeley Packet Filter (eBPF)
implementation in the Linux kernel did not properly reference count file
descriptors, leading to a use-after-free. A local unprivileged attacker
could use this to gain administrative privileges. (CVE-2016-4557)
Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel
did not properly validate USB device descriptors. An attacker with physical
access could use this to cause a denial of service (system crash).
(CVE-2016-2184)
Ralf Spenneberg discovered that the
OSV
linux-raspi2 vulnerabilities
osv·2016-05-06·CVSS 4.6
CVE-2016-4557 [MEDIUM] linux-raspi2 vulnerabilities
linux-raspi2 vulnerabilities
Jann Horn discovered that the extended Berkeley Packet Filter (eBPF)
implementation in the Linux kernel did not properly reference count file
descriptors, leading to a use-after-free. A local unprivileged attacker
could use this to gain administrative privileges. (CVE-2016-4557)
Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel
did not properly validate USB device descriptors. An attacker with physical
access could use this to cause a denial of service (system crash).
(CVE-2016-2184)
Ralf Spenneberg discovered that the ATI Wonder Remote II USB driver in the
Linux kernel did not properly validate USB device descriptors. An attacker
with physical access could use this to cause a denial of service (system
crash). (CVE-2016-2185)
Ralf
OSV
linux-snapdragon vulnerability
osv·2016-05-06·CVSS 4.6
[MEDIUM] linux-snapdragon vulnerability
linux-snapdragon vulnerability
Jann Horn discovered that the extended Berkeley Packet Filter (eBPF)
implementation in the Linux kernel did not properly reference count file
descriptors, leading to a use-after-free. A local unprivileged attacker
could use this to gain administrative privileges.
Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel
did not properly validate USB device descriptors. An attacker with physical
access could use this to cause a denial of service (system crash).
(CVE-2016-2184)
Ralf Spenneberg discovered that the ATI Wonder Remote II USB driver in the
Linux kernel did not properly validate USB device descriptors. An attacker
with physical access could use this to cause a denial of service (system
crash). (CVE-2016-2185)
Ralf Spenneberg dis
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-3955 Kernel: usbip: buffer overflow by trusting length of incoming packets
bugzilla·2016-04-19·CVSS 9.8
CVE-2016-3955 [CRITICAL] CVE-2016-3955 Kernel: usbip: buffer overflow by trusting length of incoming packets
CVE-2016-3955 Kernel: usbip: buffer overflow by trusting length of incoming packets
Linux kernel built with the USB over IP(CONFIG_USBIP_*) support is vulnerable
to a buffer overflow issue. It could occur while receiving USB/IP packets, when
the size value in the packet is greater actual transfer buffer.
A user/process could use this flaw to crash the remote host via kernel
memory corruption or potentially execute arbitrary code.
Upstream patch:
-> https://git.kernel.org/linus/b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb
Reference:
-> http://www.openwall.com/lists/oss-security/2016/04/19/1
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1328479]
---
Statement:
This issue does not affect the versions of the kernel package as shipped with
Red Hat Enter
Bugzilla
CVE-2016-3955 Kernel: usbip: buffer overflow by trusting length of incoming packets [fedora-all]
bugzilla·2016-04-19·CVSS 9.8
CVE-2016-3955 [CRITICAL] CVE-2016-3955 Kernel: usbip: buffer overflow by trusting length of incoming packets [fedora-all]
CVE-2016-3955 Kernel: usbip: buffer overflow by trusting length of incoming packets [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple sup
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbbhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.htmlhttp://www.debian.org/security/2016/dsa-3607http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3http://www.openwall.com/lists/oss-security/2016/04/19/1http://www.securityfocus.com/bid/86534http://www.ubuntu.com/usn/USN-2989-1http://www.ubuntu.com/usn/USN-2996-1http://www.ubuntu.com/usn/USN-2997-1http://www.ubuntu.com/usn/USN-2998-1http://www.ubuntu.com/usn/USN-3000-1http://www.ubuntu.com/usn/USN-3001-1http://www.ubuntu.com/usn/USN-3002-1http://www.ubuntu.com/usn/USN-3003-1http://www.ubuntu.com/usn/USN-3004-1https://bugzilla.redhat.com/show_bug.cgi?id=1328478https://github.com/torvalds/linux/commit/b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbbhttp://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbbhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.htmlhttp://www.debian.org/security/2016/dsa-3607http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3http://www.openwall.com/lists/oss-security/2016/04/19/1http://www.securityfocus.com/bid/86534http://www.ubuntu.com/usn/USN-2989-1http://www.ubuntu.com/usn/USN-2996-1http://www.ubuntu.com/usn/USN-2997-1http://www.ubuntu.com/usn/USN-2998-1http://www.ubuntu.com/usn/USN-3000-1http://www.ubuntu.com/usn/USN-3001-1http://www.ubuntu.com/usn/USN-3002-1http://www.ubuntu.com/usn/USN-3003-1http://www.ubuntu.com/usn/USN-3004-1https://bugzilla.redhat.com/show_bug.cgi?id=1328478https://github.com/torvalds/linux/commit/b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb
2016-07-03
Published