OpenSource Security

11 exploits Active since Feb 2016
CVE-2015-7515 EXPLOITDB MEDIUM text WORKING POC
Linux kernel <4.4 - DoS
The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints.
CVSS 4.6
EIP-2026-102657 EXPLOITDB text WORKING POC
Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - 'cdc_acm' Nullpointer Dereference
EIP-2026-102658 EXPLOITDB text WRITEUP
Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - 'cypress_m8' Nullpointer Dereference
CVE-2016-3140 EXPLOITDB MEDIUM text WORKING POC
Canonical Ubuntu Linux < 4.5.0 - Denial of Service
The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVSS 4.6
CVE-2016-3136 EXPLOITDB MEDIUM text WORKING POC
Linux Kernel < 4.5.0 - Denial of Service
The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.
CVSS 4.6
CVE-2016-3139 EXPLOITDB MEDIUM text WORKING POC
Novell Suse Linux Enterprise Software... - Denial of Service
The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVSS 4.6
CVE-2016-2782 EXPLOITDB MEDIUM text WORKING POC
Linux Kernel < 4.5.0 - NULL Pointer Dereference
The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.
CVSS 4.6
CVE-2015-7566 EXPLOITDB MEDIUM text WORKING POC
Linux kernel <4.4.1 - DoS
The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
CVSS 4.6
CVE-2016-2188 EXPLOITDB MEDIUM text WORKING POC
Novell Suse Linux Enterprise Software... - Denial of Service
The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVSS 4.6
CVE-2016-2184 EXPLOITDB MEDIUM text WORKING POC
Linux Kernel < 4.5.0 - Denial of Service
The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.
CVSS 4.6
EIP-2026-102660 EXPLOITDB c WORKING POC
Linux Kernel 4.8.0-22/3.10.0-327 (Ubuntu 16.10 / RedHat) - 'keyctl' Null Pointer Dereference