CVE-2015-8816

MEDIUM

Novell Suse Linux Enterprise Software... - Denial of Service

Title source: rule

Description

The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.

References (27)

[Vendor Advisory] http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5f1cf3fcc093037dd6a8c5684ea

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html

[Third Party Advisory] http://source.android.com/security/bulletin/2016-07-01.html

[Third Party Advisory] http://www.debian.org/security/2016/dsa-3503

... and 7 more

Scores

CVSS v3 6.8

EPSS 0.0008

EPSS Percentile 24.6%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

Status draft

Affected Products (15)

novell/suse_linux_enterprise_software_development_kit

novell/suse_linux_enterprise_software_development_kit

novell/suse_linux_enterprise_debuginfo

novell/suse_linux_enterprise_desktop

novell/suse_linux_enterprise_live_patching

novell/suse_linux_enterprise_module_for_public_cloud

novell/suse_linux_enterprise_real_time_extension

novell/suse_linux_enterprise_real_time_extension

novell/suse_linux_enterprise_server

novell/suse_linux_enterprise_server

novell/suse_linux_enterprise_server

novell/suse_linux_enterprise_workstation_extension

linux/linux_kernel < 3.2.76

suse/linux_enterprise_live_patching

suse/linux_enterprise_server

Timeline

Published Apr 27, 2016

Tracked Since Feb 18, 2026