CVE-2016-2782 — MEDIUM (4.6)

Q: How severe is CVE-2016-2782?

CVE-2016-2782 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-2782?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Suse Linux Enterprise Debuginfo, Suse Linux Enterprise Module For Public Cloud, Suse Linux Enterprise Desktop, Suse Linux Enterprise Real Time Extension.

Vulnerability Description

The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.

CVSS Score

4.6

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 4.5.0
Suse	Linux Enterprise Debuginfo	11
Suse	Linux Enterprise Module For Public Cloud	12
Suse	Linux Enterprise Desktop	12
Suse	Linux Enterprise Real Time Extension	11
Suse	Linux Enterprise Server	11
Suse	Linux Enterprise Software Development Kit	11
Suse	Linux Enterprise Workstation Extension	12

Related Weaknesses (CWE)

CWE-476

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b5Issue TrackingPatchVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.htmlMailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2016/02/28/9Mailing ListThird Party Advisory
http://www.ubuntu.com/usn/USN-2929-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2929-2Third Party Advisory
http://www.ubuntu.com/usn/USN-2930-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2930-2Third Party Advisory
http://www.ubuntu.com/usn/USN-2930-3Third Party Advisory
http://www.ubuntu.com/usn/USN-2932-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2948-1Third Party Advisory

FAQ

What is CVE-2016-2782?

CVE-2016-2782 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or ...

How severe is CVE-2016-2782?

CVE-2016-2782 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-2782?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Suse Linux Enterprise Debuginfo, Suse Linux Enterprise Module For Public Cloud, Suse Linux Enterprise Desktop, Suse Linux Enterprise Real Time Extension.