Lucene search

PRIOn knowledge basePRION:CVE-2016-3139

HistoryApr 27, 2016 - 5:59 p.m.

Null pointer dereference

2016-04-2717:59:00

PRIOn knowledge base

www.prio-n.com

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

Low

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.01 Low

EPSS

Percentile

83.2%

JSON

The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

CPENameOperatorVersion
linux_kernelle3.16.7
suse_linux_enterprise_debuginfoeq11.0 sp4
suse_linux_enterprise_desktopeq12.0
suse_linux_enterprise_live_patchingeq12.0
suse_linux_enterprise_module_for_public_cloudeq12.0
suse_linux_enterprise_real_time_extensioneq11.0 sp4
suse_linux_enterprise_real_time_extensioneq12.0 sp1
suse_linux_enterprise_servereq11.0 sp4
suse_linux_enterprise_servereq12.0
suse_linux_enterprise_servereq11.0 extra

Name	Operator	Version
linux_kernel	le	3.16.7
suse_linux_enterprise_debuginfo	eq	11.0 sp4
suse_linux_enterprise_desktop	eq	12.0
suse_linux_enterprise_live_patching	eq	12.0
suse_linux_enterprise_module_for_public_cloud	eq	12.0
suse_linux_enterprise_real_time_extension	eq	11.0 sp4
suse_linux_enterprise_real_time_extension	eq	12.0 sp1
suse_linux_enterprise_server	eq	11.0 sp4
suse_linux_enterprise_server	eq	12.0
suse_linux_enterprise_server	eq	11.0 extra

Rows per page:

1-10 of 131

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=471d17148c8b4174ac5f5283a73316d12c4379bc

lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html

bugzilla.redhat.com/show_bug.cgi?id=1283375

bugzilla.redhat.com/show_bug.cgi?id=1283377

bugzilla.redhat.com/show_bug.cgi?id=1316993

github.com/torvalds/linux/commit/471d17148c8b4174ac5f5283a73316d12c4379bc

security-tracker.debian.org/tracker/CVE-2016-3139

www.exploit-db.com/exploits/39538/

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

Low

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.01 Low

EPSS

Percentile

83.2%

JSON

Related for PRION:CVE-2016-3139