CVE-2015-8816 — MEDIUM (6.8)

Q: How severe is CVE-2015-8816?

CVE-2015-8816 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-8816?

Check the references section above for vendor advisories and patch information. Affected products include: Novell Suse Linux Enterprise Software Development Kit, Novell Suse Linux Enterprise Debuginfo, Novell Suse Linux Enterprise Desktop, Novell Suse Linux Enterprise Live Patching, Novell Suse Linux Enterprise Module For Public Cloud.

Vulnerability Description

The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Novell	Suse Linux Enterprise Software Development Kit	11.0
Novell	Suse Linux Enterprise Debuginfo	11
Novell	Suse Linux Enterprise Desktop	12.0
Novell	Suse Linux Enterprise Live Patching	12.0
Novell	Suse Linux Enterprise Module For Public Cloud	12
Novell	Suse Linux Enterprise Real Time Extension	11
Novell	Suse Linux Enterprise Server	11
Novell	Suse Linux Enterprise Workstation Extension	12.0
Linux	Linux Kernel	>= 2.6.28, < 3.2.76
Suse	Linux Enterprise Live Patching	12
Suse	Linux Enterprise Server	12

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.htmlThird Party Advisory

FAQ

What is CVE-2015-8816?

CVE-2015-8816 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a d...

How severe is CVE-2015-8816?

CVE-2015-8816 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-8816?

Check the references section above for vendor advisories and patch information. Affected products include: Novell Suse Linux Enterprise Software Development Kit, Novell Suse Linux Enterprise Debuginfo, Novell Suse Linux Enterprise Desktop, Novell Suse Linux Enterprise Live Patching, Novell Suse Linux Enterprise Module For Public Cloud.