Vulnerability Description
The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Novell | Suse Linux Enterprise Software Development Kit | 12.0 |
| Novell | Suse Linux Enterprise Desktop | 12.0 |
| Novell | Suse Linux Enterprise Live Patching | 12.0 |
| Novell | Suse Linux Enterprise Module For Public Cloud | 12.0 |
| Novell | Suse Linux Enterprise Real Time Extension | 12.0 |
| Novell | Suse Linux Enterprise Server | 12.0 |
| Novell | Suse Linux Enterprise Workstation Extension | 12.0 |
| Linux | Linux Kernel | <= 4.5.0 |
| Canonical | Ubuntu Linux | 14.04 |
References
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0ad22Vendor Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.htmlThird Party Advisory
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1Vendor Advisory
- http://www.openwall.com/lists/oss-security/2016/03/30/6
- http://www.securitytracker.com/id/1035441
- http://www.ubuntu.com/usn/USN-2968-1
- http://www.ubuntu.com/usn/USN-2968-2
- http://www.ubuntu.com/usn/USN-2970-1
- http://www.ubuntu.com/usn/USN-2971-1
- http://www.ubuntu.com/usn/USN-2971-2
- http://www.ubuntu.com/usn/USN-2971-3
- http://www.ubuntu.com/usn/USN-3000-1Third Party Advisory
FAQ
What is CVE-2016-3689?
CVE-2016-3689 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device ...
How severe is CVE-2016-3689?
CVE-2016-3689 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-3689?
Check the references section above for vendor advisories and patch information. Affected products include: Novell Suse Linux Enterprise Software Development Kit, Novell Suse Linux Enterprise Desktop, Novell Suse Linux Enterprise Live Patching, Novell Suse Linux Enterprise Module For Public Cloud, Novell Suse Linux Enterprise Real Time Extension.