PT-2015-2440 · Linux+2 · Linux Kernel+2
Ralf Spenneberg · Published 2015-10-19 · Updated 2017-09-13 · CVE-2015-7833
CVSS v2.0: 4.9 (Medium)
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel package versions 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1
Description
The issue is related to errors in the code of the usbvision driver in the Linux kernel. It allows an attacker with physical access to cause a denial of service (panic) by setting a nonzero bInterfaceNumber value in a USB device descriptor.
Recommendations
For Linux kernel package versions 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7, consider restricting access to USB devices to minimize the risk of exploitation until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
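To find hosts where the interim restriction above applies, the following added example (not part of the original entry) checks a kernel release string against the package range listed here. The function names are hypothetical, and it assumes a field-by-field numeric comparison of the release is sufficient for RHEL 7 kernel package names rather than a full RPM version comparison.

```sh
#!/bin/sh
# Added example: test a kernel release against the affected range in this entry.
AFFECTED_LOW="3.10.0-123.20.1.el7"    # lower bound, taken from the entry
AFFECTED_HIGH="3.10.0-229.14.1.el7"   # upper bound, taken from the entry

# Print six numeric fields: "3.10.0-229.14.1.el7.x86_64" -> "3 10 0 229 14 1".
# Missing fields count as 0, so "3.10.0-229.el7" sorts before "3.10.0-229.14.1.el7".
release_key() (
    rel=${1%%.el*}                    # drop ".el7" and everything after it
    IFS='.-'
    set -f
    set -- $rel
    out=
    for i in 1 2 3 4 5 6; do
        p=${1:-0}
        [ "$#" -gt 0 ] && shift
        case $p in *[!0-9]*) exit 1 ;; esac          # reject non-numeric fields
        out="$out $((${p#"${p%%[!0]*}"} + 0))"       # strip leading zeros (no octal)
    done
    echo "${out# }"
)

# Print -1, 0 or 1 as release $1 sorts before, equal to or after release $2.
release_cmp() (
    a=$(release_key "$1") || exit 2
    b=$(release_key "$2") || exit 2
    set -- $b
    for x in $a; do
        [ "$x" -lt "$1" ] && { echo -1; exit 0; }
        [ "$x" -gt "$1" ] && { echo 1; exit 0; }
        shift
    done
    echo 0
)

# Return 0 if $1 is an el7 kernel inside the listed range, 1 if not, 2 if unparseable.
in_affected_range() {
    case $1 in *.el7*) ;; *) return 1 ;; esac
    lo=$(release_cmp "$1" "$AFFECTED_LOW") || return 2
    hi=$(release_cmp "$1" "$AFFECTED_HIGH") || return 2
    [ "$lo" -ge 0 ] && [ "$hi" -le 0 ]
}

# Constructed sample release strings; on a real host pass "$(uname -r)" instead.
for r in 3.10.0-123.el7.x86_64 3.10.0-229.11.1.el7.x86_64 3.10.0-327.el7.x86_64; do
    if in_affected_range "$r"; then echo "$r: inside listed range"
    else echo "$r: outside listed range"; fi
done
```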
Exploit
DoS
Affected products
Linux Kernel
Suse
Ubuntu