First published: Fri Mar 11 2016(Updated: )
A flaw was found in in the Linux kernel's USB device management code which could cause a crash when a device which required iowarrior driver. The kernel would panic causing null pointer dereference attempting to access non existent endpoints. Product bug: <a class="bz_bug_link bz_status_CLOSED bz_closed bz_public " title="CLOSED WONTFIX - CVE-2016-2188 Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver) [local-DoS]" href="show_bug.cgi?id=1283390">https://bugzilla.redhat.com/show_bug.cgi?id=1283390</a>
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
SUSE Linux Enterprise Software Development Kit | =11.0-sp4 | |
SUSE Linux Enterprise Software Development Kit | =12.0 | |
SUSE Linux Enterprise Software Development Kit | =12.0-sp1 | |
SUSE Linux Enterprise Debuginfo | =11.0-sp4 | |
SUSE Linux Enterprise Desktop | =12.0 | |
SUSE Linux Enterprise Desktop | =12.0-sp1 | |
SUSE Linux Enterprise Live Patching | =12.0 | |
SUSE Linux Enterprise Module for Public Cloud | =12.0 | |
SUSE Linux Enterprise Real Time Extension | =11.0-sp4 | |
SUSE Linux Enterprise Real Time Extension | =12.0-sp1 | |
SUSE Linux Enterprise Server | =11.0-extra | |
SUSE Linux Enterprise Server | =11.0-sp4 | |
SUSE Linux Enterprise Server | =12.0 | |
SUSE Linux Enterprise Server | =12.0-sp1 | |
SUSE Linux Enterprise Workstation Extension | =12.0 | |
SUSE Linux Enterprise Workstation Extension | =12.0-sp1 | |
Linux kernel | <=4.5.0 | |
Ubuntu Linux | =12.04 | |
debian/linux | 5.10.223-1 5.10.234-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.17-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2016-2188 is classified as a medium severity vulnerability that can cause a kernel panic leading to system crashes.
To fix CVE-2016-2188, upgrade your Linux kernel to at least version 5.10.223-1 or apply the necessary patches from your distribution.
CVE-2016-2188 affects various SUSE Linux Enterprise versions and specific versions of the Linux kernel, with a range of distributions such as Ubuntu.
CVE-2016-2188 may be exploited through the connection of USB devices requiring the iowarrior driver, causing a null pointer dereference.
Yes, CVE-2016-2188 specifically affects the USB device management code in the Linux kernel, leading to potential crashes when certain USB devices are connected.