Package kernel-image-un-def updated to version 4.5.1-alt1 for branch sisyphus in task 163020.

Published: 2016-11-03
Modified: 2024-11-28

BDU:2016-02241

Уязвимость функции iowarrior_probe ядра операционной системы Linux, связанная с разыменованием указателя NULL, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.6) Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (4.9) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

References:

CVE-2016-2188

Published: 2016-04-27
Modified: 2025-04-12

CVE-2016-2184

The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.

Severity: MEDIUM (4.9) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: MEDIUM (4.6) Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2016-05-02
Modified: 2025-04-12

CVE-2016-2185

The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

Severity: MEDIUM (4.9) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: MEDIUM (4.6) Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2016-05-02
Modified: 2025-04-12

CVE-2016-2186

The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

Severity: MEDIUM (4.9) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: MEDIUM (4.6) Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2016-05-02
Modified: 2025-04-12

CVE-2016-2188

The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

Severity: MEDIUM (4.9) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: MEDIUM (4.6) Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2016-05-02
Modified: 2025-04-12

CVE-2016-3136

The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.

Severity: MEDIUM (4.9) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: MEDIUM (4.6) Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2016-05-02
Modified: 2025-04-12

CVE-2016-3137

drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.

Severity: MEDIUM (4.9) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: MEDIUM (4.6) Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2016-05-02
Modified: 2025-04-12

CVE-2016-3138

The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.

Severity: MEDIUM (4.9) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: MEDIUM (4.6) Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2016-05-02
Modified: 2025-04-12

CVE-2016-3140

The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

Severity: MEDIUM (4.9) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: MEDIUM (4.6) Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2016-05-02
Modified: 2025-04-12

CVE-2016-3689

The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.

Severity: MEDIUM (4.9) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: MEDIUM (4.6) Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2016-10-16
Modified: 2025-04-12

CVE-2016-6327

drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation.

Severity: MEDIUM (4.9) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2016-12-28
Modified: 2025-04-12

CVE-2016-9685

Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations.

Severity: MEDIUM (4.9) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla

Version: 2.1.2