CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
EPSS
Percentile
57.2%
The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7
through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows
physically proximate attackers to cause a denial of service (panic) via a
nonzero bInterfaceNumber value in a USB device descriptor.
Author | Note |
---|---|
jdstrand | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support |
mdeslaur | need to check if usbvision driver is in any Ubuntu kernels |
sbeattie | The original fix was 588afcc1c0e4; however it was determined to be bad and fa52bd506f was applied instead, and d5468d7af is intended to revert 588afcc1c0e4. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 12.04 | noarch | linux | < 3.2.0-115.157 | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < 3.13.0-101.148 | UNKNOWN |
ubuntu | 15.10 | noarch | linux | < 4.2.0-35.40 | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < 4.4.0-22.39 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-armadaxp | < 3.2.0-1677.104 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-trusty | < 3.13.0-101.148~precise1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-utopic | < 3.16.0-69.89~14.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-vivid | < 3.19.0-74.82~14.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-wily | < 4.2.0-35.40~14.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-xenial | < 4.4.0-22.39~14.04.1 | UNKNOWN |
seclists.org/bugtraq/2015/Oct/35
www.os-s.net/advisories/DOS-KernelCrashesOnInvalidUSBDeviceDescriptors-UsbvisionDriver.pdf
bugzilla.redhat.com/show_bug.cgi?id=1201858
launchpad.net/bugs/cve/CVE-2015-7833
nvd.nist.gov/vuln/detail/CVE-2015-7833
security-tracker.debian.org/tracker/CVE-2015-7833
ubuntu.com/security/notices/USN-2929-1
ubuntu.com/security/notices/USN-2929-2
ubuntu.com/security/notices/USN-2932-1
ubuntu.com/security/notices/USN-2947-1
ubuntu.com/security/notices/USN-2947-2
ubuntu.com/security/notices/USN-2947-3
ubuntu.com/security/notices/USN-2948-1
ubuntu.com/security/notices/USN-2967-1
ubuntu.com/security/notices/USN-2967-2
www.cve.org/CVERecord?id=CVE-2015-7833