Lucene search

[email protected]CVE-2015-8816

HistoryApr 27, 2016 - 5:59 p.m.

CVE-2015-8816

2016-04-2717:59:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

115

cve-2015-8816

linux kernel

usb

denial of service

invalid memory access

system crash

nvd

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

72.3%

JSON

The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.

CPENameOperatorVersion
novell:suse_linux_enterprise_servernovell suse linux enterprise servereq12.0
novell:suse_linux_enterprise_servernovell suse linux enterprise servereq11
novell:suse_linux_enterprise_debuginfonovell suse linux enterprise debuginfoeq11
novell:suse_linux_enterprise_live_patchingnovell suse linux enterprise live patchingeq12.0
novell:suse_linux_enterprise_real_time_extensionnovell suse linux enterprise real time extensioneq11
novell:suse_linux_enterprise_desktopnovell suse linux enterprise desktopeq12.0
novell:suse_linux_enterprise_module_for_public_cloudnovell suse linux enterprise module for public cloudeq12
novell:suse_linux_enterprise_workstation_extensionnovell suse linux enterprise workstation extensioneq12.0
novell:suse_linux_enterprise_software_development_kitnovell suse linux enterprise software development kiteq11.0
novell:suse_linux_enterprise_real_time_extensionnovell suse linux enterprise real time extensioneq12

CPE	Name	Operator	Version
novell:suse_linux_enterprise_server	novell suse linux enterprise server	eq	12.0
novell:suse_linux_enterprise_server	novell suse linux enterprise server	eq	11
novell:suse_linux_enterprise_debuginfo	novell suse linux enterprise debuginfo	eq	11
novell:suse_linux_enterprise_live_patching	novell suse linux enterprise live patching	eq	12.0
novell:suse_linux_enterprise_real_time_extension	novell suse linux enterprise real time extension	eq	11
novell:suse_linux_enterprise_desktop	novell suse linux enterprise desktop	eq	12.0
novell:suse_linux_enterprise_module_for_public_cloud	novell suse linux enterprise module for public cloud	eq	12
novell:suse_linux_enterprise_workstation_extension	novell suse linux enterprise workstation extension	eq	12.0
novell:suse_linux_enterprise_software_development_kit	novell suse linux enterprise software development kit	eq	11.0
novell:suse_linux_enterprise_real_time_extension	novell suse linux enterprise real time extension	eq	12

Rows per page:

1-10 of 221

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5f1cf3fcc093037dd6a8c5684ea

lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html

source.android.com/security/bulletin/2016-07-01.html

www.debian.org/security/2016/dsa-3503

www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5

www.openwall.com/lists/oss-security/2016/02/23/5

www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

www.securityfocus.com/bid/83363

bugzilla.redhat.com/show_bug.cgi?id=1311589

github.com/torvalds/linux/commit/e50293ef9775c5f1cf3fcc093037dd6a8c5684ea

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

72.3%

JSON

Related for CVE-2015-8816

prion1 android1 ubuntucve1 debiancve1 threatpost1 openvas20 suse20 nessus22 oraclelinux1 debian2 osv1 lenovo1 androidsecurity1