kernel: double-free in usb-audio triggered by invalid USB descriptor

🗓️ 03 Nov 2016 08:08:49Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 3 Views

Physical access enables privilege escalation via double-free in USB-MIDI kernel driver.

Reporter	Title	Published	Views	Family All 230
0day.today	Linux Kernel 3.x (Ubuntu 14.04 / Mint 17.3 / Fedora 22) - Double-free usb-midi SMEP Local Privilege	14 May 201700:00	–	zdt
IBM Security Bulletins	Security Bulletin: IBM Security Access Manager version 9.0.3.0 appliances are affected by multiple kernel vulnerabilities	16 Jun 201822:03	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM	18 Jun 201801:36	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities in Linux Kernel	16 Jun 201822:00	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Linux Kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products	29 Mar 202301:48	–	ibm
GithubExploit	Exploit for CVE-2016-2384	16 Feb 201612:05	–	githubexploit
Gitee	Exploit for CVE-2016-2384	11 Sep 202015:04	–	gitee
Gitee	Exploit for CVE-2016-2384	2 Dec 202011:37	–	gitee
Gitee	Exploit for CVE-2016-2384	2 Dec 202111:00	–	gitee
Gitee	Exploit for CVE-2016-2384	27 Jul 202503:35	–	gitee

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	7	x86_64	kernel-rt	0:3.10.0-514.rt56.420.el7	kernel-rt-0:3.10.0-514.rt56.420.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	kernel-rt-debug	0:3.10.0-514.rt56.420.el7	kernel-rt-debug-0:3.10.0-514.rt56.420.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	kernel-rt-debug-debuginfo	0:3.10.0-514.rt56.420.el7	kernel-rt-debug-debuginfo-0:3.10.0-514.rt56.420.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	kernel-rt-debug-devel	0:3.10.0-514.rt56.420.el7	kernel-rt-debug-devel-0:3.10.0-514.rt56.420.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	kernel-rt-debug-kvm	0:3.10.0-514.rt56.420.el7	kernel-rt-debug-kvm-0:3.10.0-514.rt56.420.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	kernel-rt-debug-kvm-debuginfo	0:3.10.0-514.rt56.420.el7	kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.rt56.420.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	kernel-rt-debuginfo	0:3.10.0-514.rt56.420.el7	kernel-rt-debuginfo-0:3.10.0-514.rt56.420.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	kernel-rt-debuginfo-common-x86_64	0:3.10.0-514.rt56.420.el7	kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.rt56.420.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	kernel-rt-devel	0:3.10.0-514.rt56.420.el7	kernel-rt-devel-0:3.10.0-514.rt56.420.el7.x86_64.rpm
Red Hat Enterprise Linux	7	any	kernel-rt-doc	0:3.10.0-514.rt56.420.el7.noarch	kernel-rt-doc-0:3.10.0-514.rt56.420.el7.noarch.noarch.rpm

Source	Link
seclists	www.seclists.org/oss-sec/2016/q1/331
access	www.access.redhat.com/security/cve/CVE-2016-2384
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
lkml	www.lkml.org/lkml/2016/2/13/11
nvd	www.nvd.nist.gov/vuln/detail/CVE-2016-2384
cve	www.cve.org/CVERecord

13 May 2026 01:18Current

7High risk

Vulners AI Score7

CVSS 34.6

CVSS 24.9

EPSS0.08978

double free privilege escalation universal serial bus midi driver invalid descriptor physical access linux kernel