CVE - CVE-2016-3136

CVE-ID
CVE-2016-3136	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:84299 URL:http://www.securityfocus.com/bid/84299 CONFIRM:http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e9a0b05257f29cf4b75f3209243ed71614d062e CONFIRM:http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1283370 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1317007 CONFIRM:https://github.com/torvalds/linux/commit/4e9a0b05257f29cf4b75f3209243ed71614d062e DEBIAN:DSA-3607 URL:http://www.debian.org/security/2016/dsa-3607 EXPLOIT-DB:39541 URL:https://www.exploit-db.com/exploits/39541/ MLIST:[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (mct_u232 driver) URL:http://www.openwall.com/lists/oss-security/2016/03/14/2 SUSE:SUSE-SU-2016:1690 URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html SUSE:SUSE-SU-2016:1696 URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html SUSE:SUSE-SU-2016:1764 URL:http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html SUSE:openSUSE-SU-2016:1382 URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html UBUNTU:USN-2968-1 URL:http://www.ubuntu.com/usn/USN-2968-1 UBUNTU:USN-2968-2 URL:http://www.ubuntu.com/usn/USN-2968-2 UBUNTU:USN-2970-1 URL:http://www.ubuntu.com/usn/USN-2970-1 UBUNTU:USN-2971-1 URL:http://www.ubuntu.com/usn/USN-2971-1 UBUNTU:USN-2971-2 URL:http://www.ubuntu.com/usn/USN-2971-2 UBUNTU:USN-2971-3 URL:http://www.ubuntu.com/usn/USN-2971-3 UBUNTU:USN-2996-1 URL:http://www.ubuntu.com/usn/USN-2996-1 UBUNTU:USN-2997-1 URL:http://www.ubuntu.com/usn/USN-2997-1 UBUNTU:USN-3000-1 URL:http://www.ubuntu.com/usn/USN-3000-1
Assigning CNA
OpenText (formerly Micro Focus)
Date Record Created
20160313	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20160313)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)