Ralf Spenneberg

11 exploits, active since Feb 2016
CVE-2015-7515 EXPLOITDB MEDIUM text WORKING POC
Linux Kernel < 4.4 - Denial of Service via Crafted USB Device in Aiptek Tablet Driver
The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints.
CVSS 4.6
EIP-2026-102657 EXPLOITDB text WORKING POC
Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - 'cdc_acm' Nullpointer Dereference
EIP-2026-102658 EXPLOITDB text WRITEUP
Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - 'cypress_m8' Nullpointer Dereference
CVE-2016-3140 EXPLOITDB MEDIUM text WORKING POC
Linux Kernel < 4.5.1 - Denial of Service via Crafted USB Device Descriptor
The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVSS 4.6
CVE-2016-3136 EXPLOITDB MEDIUM text WORKING POC
Linux Kernel < 4.5.1 - Denial of Service via Crafted USB Device
The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.
CVSS 4.6
CVE-2016-3139 EXPLOITDB MEDIUM text WORKING POC
Linux Kernel < 3.17 - Denial of Service via Wacom USB Device Descriptor
The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVSS 4.6
CVE-2016-2782 EXPLOITDB MEDIUM text WORKING POC
Linux Kernel < 4.5 - Denial of Service via USB Device with Missing Endpoints
The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.
CVSS 4.6
CVE-2015-7566 EXPLOITDB MEDIUM text WORKING POC
Linux Kernel < 4.4.1 - Denial of Service via USB Device Without Bulk-Out Endpoint
The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
CVSS 4.6
CVE-2016-2188 EXPLOITDB MEDIUM text WORKING POC
SUSE Linux Enterprise - Denial of Service via USB Device Descriptor
The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVSS 4.6
CVE-2016-2184 EXPLOITDB MEDIUM text WORKING POC
Linux Kernel < 4.5.1 - Denial of Service via Crafted USB Device Descriptor
The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.
CVSS 4.6
EIP-2026-102660 EXPLOITDB c WORKING POC
Linux Kernel 4.8.0-22/3.10.0-327 (Ubuntu 16.10 / RedHat) - 'keyctl' Null Pointer Dereference