PT-2015-2440 · Linux+2 · Linux Kernel+2

Ralf Spenneberg · Published 2015-10-19 · Updated 2017-09-13 · CVE-2015-7833

CVSS v2.0: 4.9 (Medium)

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Linux kernel package versions 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1

Description: The issue is related to errors in the code of the usbvision driver in the Linux kernel. It allows an attacker with physical access to cause a denial of service (panic) by setting a nonzero bInterfaceNumber value in a USB device descriptor.

Recommendations: For Linux kernel package versions 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7, consider restricting access to USB devices to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Weakness Enumeration

Related Identifiers

BDU:2015-11805
CVE-2015-7833
DLA-360-1
DSA-3396-1
DSA-3426-1
OPENSUSE-SU-2016_0301-1
OPENSUSE-SU-2016_2184-1
SUSE-SU-2016:1937-1
SUSE-SU-2016:1985-1
SUSE-SU-2016:2105-1
SUSE-SU-2016:2245-1
SUSE-SU-2017:0333-1
USN-2929-1
USN-2929-2
USN-2932-1
USN-2947-1
USN-2947-2
USN-2947-3
USN-2948-1
USN-2948-2
USN-2967-1
USN-2967-2

Affected Products

Linux Kernel
Suse
Ubuntu