CVE-2016-2384

MEDIUM

Linux Kernel < 4.4.8 - Denial of Service

Title source: rule

Description

Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.

Exploits (2)

exploitdb WORKING POC

by Andrey Konovalov · textlocallinux

https://www.exploit-db.com/exploits/41999

View Code ZIP pw:eip

github WORKING POC 8 stars

by codecat007 · cpoc

https://github.com/codecat007/cvehub/tree/main/android/kernel/EXP-CVE-2016-2384

View Code ZIP pw:eip

References (38)

[Mailing List] http://www.openwall.com/lists/oss-security/2016/02/14/2

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html

[Third Party Advisory] http://www.debian.org/security/2016/dsa-3503

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2016-2584.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2016-2574.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2017-0817.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html

[Patch, Vendor Advisory] http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=07d86ca93db7e5cdf4743564d98292042ec21af7

... and 18 more

Scores

CVSS v3 4.6

EPSS 0.0898

EPSS Percentile 92.6%

Attack Vector PHYSICAL

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Status published

Products (2)

linux/linux_kernel < 4.4.8

novell/suse_linux_enterprise_real_time_extension 12 sp1

Published Apr 27, 2016

Tracked Since Feb 18, 2026