Veracode Vulnerability DatabaseVERACODE:17714Denial Of Service (DoS)
4.6 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
Linux kernel is vulnerable to denial of service(DoS) attacks. A local user can connect a USB device to the target system to trigger a double-free memory error in snd_usbmidi_create function which cause the kernel to crash or potentially execute arbitrary code.
References
git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=07d86ca93db7e5cdf4743564d98292042ec21af7
lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html
lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html
lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html
lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html
lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html
lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html
lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html
lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html
lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html
lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html
lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html
lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html
lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html
lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html
lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html
lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html
lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html
lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
rhn.redhat.com/errata/RHSA-2016-2574.html
rhn.redhat.com/errata/RHSA-2016-2584.html
rhn.redhat.com/errata/RHSA-2017-0817.html
www.debian.org/security/2016/dsa-3503
www.openwall.com/lists/oss-security/2016/02/14/2
www.securityfocus.com/bid/83256
www.securitytracker.com/id/1035072
www.ubuntu.com/usn/USN-2928-1
www.ubuntu.com/usn/USN-2928-2
www.ubuntu.com/usn/USN-2929-1
www.ubuntu.com/usn/USN-2929-2
www.ubuntu.com/usn/USN-2930-1
www.ubuntu.com/usn/USN-2930-2
www.ubuntu.com/usn/USN-2930-3
www.ubuntu.com/usn/USN-2931-1
www.ubuntu.com/usn/USN-2932-1
access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.9_Release_Notes/index.html
access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.9_Technical_Notes/index.html
access.redhat.com/errata/RHSA-2017:0817
access.redhat.com/security/cve/CVE-2017-5551
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1308444
bugzilla.redhat.com/show_bug.cgi?id=1325766
bugzilla.redhat.com/show_bug.cgi?id=847106
github.com/torvalds/linux/commit/07d86ca93db7e5cdf4743564d98292042ec21af7
github.com/xairy/kernel-exploits/tree/master/CVE-2016-2384
Related
4.6 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C