Ralf Spenneberg

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.9.8 **Description** The issue is related to the `ext4 fill super` function in the Linux kernel, which does not properly validate meta block groups. This allows physically proximate attackers to cause a denial of service, resulting in an out-of-bounds read and system crash, via a crafted ext4 image. **Recommendations** For versions prior to 4.9.8, update to version 4.9.8 or later to resolve the issue. As a temporary workaround, consider restricting access to untrusted ext4 images to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.5.2 **Description** The issue allows physically proximate attackers to cause a denial of service, resulting in a system crash due to a NULL pointer dereference. This is achieved by using a crafted endpoints value in a USB device descriptor. **Recommendations** For Linux kernel versions prior to 4.5.2, update to version 4.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to USB devices to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.5.1 **Description** The issue allows physically proximate attackers to cause a denial of service, resulting in a NULL pointer dereference and system crash. This is achieved via a crafted `endpoints` value in a USB device descriptor, specifically targeting the `digi port init` function in the Linux kernel. **Recommendations** For Linux kernel versions prior to 4.5.1, update to version 4.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to USB devices to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.5.1 **Description** The issue allows physically proximate attackers to cause a denial of service, resulting in a system crash due to a NULL pointer dereference. This is achieved by using a crafted `endpoints` value in a USB device descriptor. **Recommendations** For versions prior to 4.5.1, update to version 4.5.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.5.1 **Description** The issue allows physically proximate attackers to cause a denial of service, resulting in a system crash due to a NULL pointer dereference. This is achieved by using a crafted `endpoints` value in a USB device descriptor. **Recommendations** For versions prior to 4.5.1, update to version 4.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to USB devices to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.5.1 **Description** The issue allows physically proximate attackers to cause a denial of service, resulting in a NULL pointer dereference and system crash, via a crafted USB device without two interrupt-in endpoint descriptors. This is due to a problem in the `mct u232 msr to state` function. **Recommendations** For Linux kernel versions prior to 4.5.1, update to version 4.5.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of crafted USB devices to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.5.1 **Description** The issue allows physically proximate attackers to cause a denial of service, resulting in a NULL pointer dereference and system crash, via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor. This is related to the `cypress generic port probe` and `cypress open` functions. **Recommendations** For Linux kernel versions prior to 4.5.1, update to version 4.5.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of USB devices without both an interrupt-in and an interrupt-out endpoint descriptor to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.5.1 **Description** The issue allows physically proximate attackers to cause a denial of service, resulting in a NULL pointer dereference and system crash, via a USB device without both a control and a data endpoint descriptor. This is due to a problem in the acm probe function in drivers/usb/class/cdc-acm.c. **Recommendations** For Linux kernel versions prior to 4.5.1, update to version 4.5.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.5.1 **Description** The issue is related to the iowarrior probe function in the Linux kernel, which contains an error in handling USB device descriptors. This can be exploited by an attacker to cause a denial of service, resulting in a system crash due to a NULL pointer dereference. The exploitation requires physical proximity to the system and involves crafting a specific value in the USB device descriptor. **Recommendations** For Linux kernel versions prior to 4.5.1, update to version 4.5.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of USB devices to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Siemens SIMATIC S7-1200 CPU devices versions prior to 4.0 **Description** The issue allows remote attackers to bypass a user program block protection mechanism. **Recommendations** For versions prior to 4.0, update to version 4.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.5 **Description** The issue allows physically proximate attackers to cause a denial of service, potentially leading to a system crash, by inserting a USB device that lacks specific endpoints. **Recommendations** For Linux kernel versions prior to 4.5, update to version 4.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.4.1 **Description** The issue allows physically proximate attackers to cause a denial of service, potentially leading to a system crash, by inserting a USB device that lacks a bulk-out endpoint. This is due to a NULL pointer dereference in the `clie 5 attach` function. **Recommendations** For Linux kernel versions prior to 4.4.1, update to version 4.4.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.4 **Description** The issue allows physically proximate attackers to cause a denial of service, resulting in a NULL pointer dereference and system crash, via a crafted USB device that lacks endpoints. This is due to a problem in the aiptek probe function in drivers/input/tablet/aiptek.c. **Recommendations** For Linux kernel versions prior to 4.4, update to version 4.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of USB devices to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel package versions 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 **Description** The issue is related to errors in the code of the usbvision driver in the Linux kernel. It allows an attacker with physical access to cause a denial of service (panic) by setting a nonzero `bInterfaceNumber` value in a USB device descriptor. **Recommendations** For Linux kernel package versions 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7, consider restricting access to USB devices to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mitsubishi Electric MELSEC FX3G PLC devices versions prior to April 2015 **Description** The issue allows remote attackers to cause a denial of service, resulting in a device outage, by sending a long parameter to the HTTP application. **Recommendations** For versions prior to April 2015, consider restricting access to the HTTP application until a fix is available. As a temporary workaround, limit the length of parameters accepted by the application to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** Siemens SIMATIC S7-1200 CPU devices with firmware prior to 4.1.3 **Description** A cross-site request forgery (CSRF) issue exists, allowing remote attackers to hijack the authentication of victims via unknown vectors. **Recommendations** For firmware versions prior to 4.1.3, update the firmware to version 4.1.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.17 **Description** The issue allows physically proximate attackers to cause a denial of service, resulting in a NULL pointer dereference and system crash. This is achieved via a crafted endpoints value in a USB device descriptor, specifically targeting the wacom probe function in drivers/input/tablet/wacom sys.c. **Recommendations** For Linux kernel versions prior to 3.17, update to version 3.17 or later to resolve the issue.