CVE-2016-2782
MEDIUMLinux Kernel < 4.5.0 - NULL Pointer Dereference
Title source: ruleDescription
The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.
Exploits (1)
exploitdb
WORKING POC
by OpenSource Security · textdoslinux
https://www.exploit-db.com/exploits/39539
References (21)
... and 1 more
Scores
CVSS v3
4.6
EPSS
0.0047
EPSS Percentile
64.4%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Classification
CWE
CWE-476
Status
draft
Affected Products (18)
linux/linux_kernel
< 4.5.0
linux/linux_kernel
suse/linux_enterprise_debuginfo
suse/linux_enterprise_debuginfo
suse/linux_enterprise_module_for_public_cloud
suse/linux_enterprise_desktop
suse/linux_enterprise_desktop
suse/linux_enterprise_real_time_extension
suse/linux_enterprise_real_time_extension
suse/linux_enterprise_server
suse/linux_enterprise_server
suse/linux_enterprise_server
suse/linux_enterprise_server
suse/linux_enterprise_software_development_kit
suse/linux_enterprise_software_development_kit
... and 3 more
Timeline
Published
Apr 27, 2016
Tracked Since
Feb 18, 2026