Lucene search

PRIOn knowledge basePRION:CVE-2016-3689

HistoryMay 02, 2016 - 10:59 a.m.

Input validation

2016-05-0210:59:00

PRIOn knowledge base

www.prio-n.com

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

Low

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.003 Low

EPSS

Percentile

70.1%

JSON

The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.

CPENameOperatorVersion
ubuntu_linuxeq14.04
linux_kernelle4.5.0
suse_linux_enterprise_desktopeq12.0 sp1
suse_linux_enterprise_desktopeq12.0
suse_linux_enterprise_live_patchingeq12.0
suse_linux_enterprise_module_for_public_cloudeq12.0
suse_linux_enterprise_real_time_extensioneq12.0 sp1
suse_linux_enterprise_servereq12.0
suse_linux_enterprise_servereq12.0 sp1
suse_linux_enterprise_software_development_kiteq12.0 sp1

Name	Operator	Version
ubuntu_linux	eq	14.04
linux_kernel	le	4.5.0
suse_linux_enterprise_desktop	eq	12.0 sp1
suse_linux_enterprise_desktop	eq	12.0
suse_linux_enterprise_live_patching	eq	12.0
suse_linux_enterprise_module_for_public_cloud	eq	12.0
suse_linux_enterprise_real_time_extension	eq	12.0 sp1
suse_linux_enterprise_server	eq	12.0
suse_linux_enterprise_server	eq	12.0 sp1
suse_linux_enterprise_software_development_kit	eq	12.0 sp1

Rows per page:

1-10 of 131

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0ad220c96692eda76b2e3fd7279f3dcd1d8a8ff

lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html

www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1

www.openwall.com/lists/oss-security/2016/03/30/6

www.securitytracker.com/id/1035441

www.ubuntu.com/usn/USN-2968-1

www.ubuntu.com/usn/USN-2968-2

www.ubuntu.com/usn/USN-2970-1

www.ubuntu.com/usn/USN-2971-1

www.ubuntu.com/usn/USN-2971-2

www.ubuntu.com/usn/USN-2971-3

www.ubuntu.com/usn/USN-3000-1

bugzilla.novell.com/show_bug.cgi?id=971628

bugzilla.redhat.com/show_bug.cgi?id=1320060

github.com/torvalds/linux/commit/a0ad220c96692eda76b2e3fd7279f3dcd1d8a8ff

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

Low

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.003 Low

EPSS

Percentile

70.1%

JSON

Related for PRION:CVE-2016-3689