CVE-2016-2384

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.5

Description The issue is related to a double free vulnerability in the Linux kernel's USB-MIDI driver, which can be exploited to execute arbitrary code or cause a denial of service. This vulnerability is associated with the use of memory after it has been freed. The exploitation of this issue may allow an attacker to cause a system panic or have other unspecified impacts, particularly through vectors involving an invalid USB descriptor. A real-world incident where this issue was exploited involved achieving Linux kernel code execution through a malicious USB device, demonstrating the potential for code execution via a USB-based attack.

Recommendations For Linux kernel versions prior to 4.5, update to version 4.5 or later to resolve the issue. As a temporary workaround, consider restricting access to USB devices or disabling the USB-MIDI driver until a patch is applied. Avoid using the snd usbmidi create function in the sound/usb/midi.c module until the issue is resolved.