CVE-2016-3139

MEDIUM

Novell Suse Linux Enterprise Software... - Denial of Service

Title source: rule
STIX 2.1

Description

The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

Exploits (1)

exploitdb WORKING POC
by OpenSource Security · textdoslinux
https://www.exploit-db.com/exploits/39538

References (13)

Core 13
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39538/
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1316993
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1283377
Third Party Advisory x_refsource_confirm
https://security-tracker.debian.org/tracker/CVE-2016-3139
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1283375

Scores

CVSS v3 4.6
EPSS 0.0013
EPSS Percentile 31.5%
Attack Vector PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (12)
linux/linux_kernel < 3.16.7
novell/suse_linux_enterprise_debuginfo 11.0 sp4
novell/suse_linux_enterprise_desktop 12.0
novell/suse_linux_enterprise_live_patching 12.0
novell/suse_linux_enterprise_module_for_public_cloud 12.0
novell/suse_linux_enterprise_real_time_extension 11.0 sp4
novell/suse_linux_enterprise_real_time_extension 12.0 sp1
novell/suse_linux_enterprise_server 11.0 extra (2 CPE variants)
novell/suse_linux_enterprise_server 12.0
novell/suse_linux_enterprise_software_development_kit 11.0 sp4
... and 2 more
Published Apr 27, 2016
Tracked Since Feb 18, 2026