Description
The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.
Exploits (1)
exploitdb
WORKING POC
by OpenSource Security · textdoslinux
https://www.exploit-db.com/exploits/39539
References (21)
Core 21
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2930-1
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2967-1
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/torvalds/linux/commit/cac9b50b0d75a1d50d6c056ff65c005f3224c8e0
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2930-2
Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/39539/
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2967-2
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2930-3
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/02/28/9
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2929-1
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2932-1
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2948-1
Exploit, Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1312670
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2929-2
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2948-2
Scores
CVSS v3
4.6
EPSS
0.0047
EPSS Percentile
64.8%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (12)
linux/linux_kernel
4.5.0 rc1
linux/linux_kernel
< 4.5.0
suse/linux_enterprise_debuginfo
11 sp2 (2 CPE variants)
suse/linux_enterprise_desktop
12 (2 CPE variants)
suse/linux_enterprise_module_for_public_cloud
12
suse/linux_enterprise_real_time_extension
11 sp4
suse/linux_enterprise_real_time_extension
12 sp1
suse/linux_enterprise_server
11 sp2 (2 CPE variants)
suse/linux_enterprise_server
12 (2 CPE variants)
suse/linux_enterprise_software_development_kit
11 sp4
... and 2 more
Published
Apr 27, 2016
Tracked Since
Feb 18, 2026