Johan Hovold

16 exploits Active since Nov 2015
CVE-2015-7566 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.4.1 - Denial of Service via USB Device Without Bulk-Out Endpoint
The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
CVSS 4.6
CVE-2016-2782 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.5 - Denial of Service via USB Device with Missing Endpoints
The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.
CVSS 4.6
CVE-2016-3136 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.5.1 - Denial of Service via Crafted USB Device
The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.
CVSS 4.6
CVE-2016-3140 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.5.1 - Denial of Service via Crafted USB Device Descriptor
The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVSS 4.6
CVE-2017-16525 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.13.8 - Use-After-Free in USB Serial Console Disconnect
The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup.
CVSS 6.6
CVE-2015-5257 WRITEUP WRITEUP
Linux Kernel < 4.2.3 - Denial of Service via USB Whiteheat Driver
drivers/usb/serial/whiteheat.c in the Linux kernel before 4.2.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted USB device. NOTE: this ID was incorrectly used for an Apache Cordova issue that has the correct ID of CVE-2015-8320.
CVE-2017-16525 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.13.8 - Use-After-Free in USB Serial Console Disconnect
The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup.
CVSS 6.6
CVE-2017-5547 WRITEUP HIGH WRITEUP
Linux Kernel 4.4-4.4.45 - Denial of Service via HID Corsair Driver DMA Scatterlist Handling
drivers/hid/hid-corsair.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
CVSS 7.8
CVE-2017-5549 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.9.4 - Information Disclosure via Uninitialized Memory in kl5kusb105 Driver
The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log.
CVSS 5.5
CVE-2017-8071 WRITEUP MEDIUM WRITEUP
Linux Kernel 4.9.x < 4.9.9 - Denial of Service via HID cp2112 Driver Spinlock Deadlock
drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 uses a spinlock without considering that sleeping is possible in a USB HID request callback, which allows local users to cause a denial of service (deadlock) via unspecified vectors.
CVSS 5.5
CVE-2017-8072 WRITEUP HIGH WRITEUP
Linux Kernel 4.9.x before 4.9.9 - EIO Error in cp2112_gpio_direction_input
The cp2112_gpio_direction_input function in drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 does not have the expected EIO error status for a zero-length report, which allows local users to have an unspecified impact via unknown vectors.
CVSS 7.8
CVE-2017-8924 WRITEUP MEDIUM WRITEUP
Linux kernel <4.10.4 - Info Disclosure
The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow.
CVSS 4.6
CVE-2017-8925 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.10.4 - Denial of Service via Omninet Driver Reference Count Mishandling
The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.
CVSS 5.5
CVE-2020-11608 WRITEUP MEDIUM WRITEUP
Linux Kernel < 5.6.1 - NULL Pointer Dereference in ov519.c
An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d.
CVSS 4.3
CVE-2020-11609 WRITEUP MEDIUM WRITEUP
Linux Kernel < 5.6.1 - NULL Pointer Dereference in stv06xx USB Camera Driver
An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93.
CVSS 4.3
CVE-2020-11668 WRITEUP HIGH WRITEUP
Linux Kernel < 5.6.1 - NULL Pointer Dereference in Xirlink Camera USB Driver
In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.
CVSS 7.1