First published: Fri Mar 11 2016
A flaw was found in the Linux kernel's USB device management code which could cause a kernel panic with a device that required the ati_remote2 kernel module. The kernel would panic from a NULL pointer dereference while attempting to access a nonexistent interface descriptor. The ati_remote2 driver assumes that there will be at least two interface descriptors with associated endpoint descriptors.

Product bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1283362 https://bugzilla.redhat.com/show_bug.cgi?id=1283363

Public via: http://seclists.org/bugtraq/2016/Mar/90

Red Hat assigned CVE-2016-2185 (https://access.redhat.com/security/cve/CVE-2016-2185) to this issue.

Upstream patch: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d
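The missing validation described above, modeled in user-space C as an added example (it is not the upstream patch or the driver's own code). The struct and function names are hypothetical stand-ins for the kernel's USB descriptor types, and the sample devices are constructed.

```c
#include <errno.h>
#include <stddef.h>

/* User-space stand-ins for the kernel's USB descriptor structures.
 * All names are hypothetical and constructed for this example. */
struct ep_desc  { unsigned char address; };
struct alt_desc { unsigned char num_endpoints; struct ep_desc *endpoint; };
struct usb_intf { struct alt_desc *cur_altsetting; };
struct usb_dev  { unsigned num_interfaces; struct usb_intf *intf[2]; };

/* Returns interface n, or NULL when the device did not describe it. */
struct usb_intf *ifnum_to_if(const struct usb_dev *d, unsigned n)
{
    return n < d->num_interfaces ? d->intf[n] : NULL;
}

/* Unchecked pattern: trusts that interfaces 0 and 1 exist and that each
 * carries an endpoint. A device describing fewer makes this dereference NULL. */
unsigned char probe_unchecked(const struct usb_dev *d)
{
    return ifnum_to_if(d, 1)->cur_altsetting->endpoint[0].address;
}

/* Checked pattern: validate every descriptor before use, else refuse to bind. */
int probe_checked(const struct usb_dev *d)
{
    for (unsigned n = 0; n < 2; n++) {
        const struct usb_intf *i = ifnum_to_if(d, n);

        if (!i || !i->cur_altsetting)
            return -ENODEV;  /* interface descriptor missing */
        if (i->cur_altsetting->num_endpoints < 1 || !i->cur_altsetting->endpoint)
            return -ENODEV;  /* interface has no endpoint descriptor */
    }
    return 0;
}

/* Constructed sample descriptors and devices. */
static struct ep_desc ep0 = { 0x81 }, ep1 = { 0x82 };
static struct alt_desc alt0 = { 1, &ep0 }, alt1 = { 1, &ep1 }, alt_noep = { 0, NULL };
static struct usb_intf if0 = { &alt0 }, if1 = { &alt1 }, if_noep = { &alt_noep };

struct usb_dev dev_ok          = { 2, { &if0, &if1 } };     /* well-formed */
struct usb_dev dev_one_intf    = { 1, { &if0, NULL } };     /* interface 1 absent */
struct usb_dev dev_no_endpoint = { 2, { &if0, &if_noep } }; /* interface 1 has no endpoint */
```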
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Canonical Ubuntu Linux | =12.04 | |
Linux Linux kernel | <=4.5.0 | |
Novell Suse Linux Enterprise Software Development Kit | =11.0-sp4 | |
Novell Suse Linux Enterprise Software Development Kit | =12.0 | |
Novell Suse Linux Enterprise Software Development Kit | =12.0-sp1 | |
Novell Suse Linux Enterprise Debuginfo | =11.0-sp4 | |
Novell Suse Linux Enterprise Desktop | =12.0 | |
Novell Suse Linux Enterprise Desktop | =12.0-sp1 | |
Novell Suse Linux Enterprise Live Patching | =12.0 | |
Novell Suse Linux Enterprise Module For Public Cloud | =12.0 | |
Novell Suse Linux Enterprise Real Time Extension | =11.0-sp4 | |
Novell Suse Linux Enterprise Real Time Extension | =12.0-sp1 | |
Novell Suse Linux Enterprise Server | =11.0-extra | |
Novell Suse Linux Enterprise Server | =11.0-sp4 | |
Novell Suse Linux Enterprise Server | =12.0 | |
Novell Suse Linux Enterprise Server | =12.0-sp1 | |
Novell Suse Linux Enterprise Workstation Extension | =12.0 | |
Novell Suse Linux Enterprise Workstation Extension | =12.0-sp1 | |
debian/linux | 5.10.223-1 6.1.106-3 6.1.99-1 6.10.9-1 |