QwikSec

Security Database

CVE

CWE

Training

CVE-2016-2782

Published: Apr 27, 2016

Modified: Aug 5, 2024

PUBLISHED

Description

The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

SUSE-SU-2016:1690

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0

x_refsource_CONFIRM

https://github.com/torvalds/linux/commit/cac9b50b0d75a1d50d6c056ff65c005f3224c8e0

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

exploit

x_refsource_EXPLOIT-DB

vendor-advisory

x_refsource_UBUNTU

SUSE-SU-2016:1764

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_UBUNTU

[oss-security] 20160228 Re: CVE request -- linux kernel: visor: crash on invalid USB device descriptors in treo_attach() in visor driver

mailing-list

x_refsource_MLIST

SUSE-SU-2016:1707

vendor-advisory

x_refsource_SUSE

SUSE-SU-2016:1672

vendor-advisory

x_refsource_SUSE

SUSE-SU-2016:1019

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

SUSE-SU-2016:2074

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_UBUNTU

https://bugzilla.redhat.com/show_bug.cgi?id=1312670

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.