CVE-2015-7515

MEDIUM

Linux Kernel < 4.4 - Denial of Service via Crafted USB Device in Aiptek Tablet Driver

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-7515. PoCs published by OpenSource Security.

AI-analyzed exploit summary This exploit demonstrates a null pointer dereference vulnerability in the Linux aiptek driver, leading to a kernel crash (DoS) when a malformed USB device descriptor is processed. The PoC includes a device descriptor and Arduino firmware to trigger the flaw.

Description

The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints.

Exploits (1)

exploitdb WORKING POC

by OpenSource Security · textdoslinux

https://www.exploit-db.com/exploits/39544

View Code ZIP pw:eip

This exploit demonstrates a null pointer dereference vulnerability in the Linux aiptek driver, leading to a kernel crash (DoS) when a malformed USB device descriptor is processed. The PoC includes a device descriptor and Arduino firmware to trigger the flaw.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Linux Kernel 3.10.0-229.20.1.el7.x86_64 (RHEL 7.1)

No auth needed

Prerequisites: Physical access to the target system to connect a malicious USB device

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (19)

Core 19

Core References

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2971-2

Third Party Advisory x_refsource_confirm

https://security-tracker.debian.org/tracker/CVE-2015-7515

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2967-1

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/84288

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2970-1

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2969-1

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2967-2

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2968-1

Vendor Advisory x_refsource_confirm

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e20cf2bce122ce9262d6034ee5d5b76fbb92f96

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2971-3

Issue Tracking x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=1285326

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2016/dsa-3607

Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/39544/

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2971-1

Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2968-2

Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html

Vendor Advisory x_refsource_confirm

https://github.com/torvalds/linux/commit/8e20cf2bce122ce9262d6034ee5d5b76fbb92f96

Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html

Scores

CVSS v3 4.6

EPSS 0.0180

EPSS Percentile 75.7%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (2)

linux/linux_kernel 4.4 rc1 (8 CPE variants)

linux/linux_kernel < 4.4

Published Apr 27, 2016

Tracked Since Feb 18, 2026