First published: Thu Apr 07 2016(Updated: )
A vulnerability was found in the usbnet Linux kernel driver. The bug allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have other impact by inserting a USB device with an invalid USB descriptor. Upstream fixes: <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4d06dd537f95683aba3651098ae288b7cbff8274">https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4d06dd537f95683aba3651098ae288b7cbff8274</a> <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1666984c8625b3db19a9abc298931d35ab7bc64b">https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1666984c8625b3db19a9abc298931d35ab7bc64b</a> External references: <a href="https://www.spinics.net/lists/netdev/msg367669.html">https://www.spinics.net/lists/netdev/msg367669.html</a> <a href="https://bugzilla.novell.com/show_bug.cgi?id=974418">https://bugzilla.novell.com/show_bug.cgi?id=974418</a> Reference and CVE assignment: <a href="http://seclists.org/oss-sec/2016/q2/19">http://seclists.org/oss-sec/2016/q2/19</a>
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =15.10 | |
Novell Suse Linux Enterprise Software Development Kit | =12.0-sp1 | |
Suse Suse Linux Enterprise Software Development Kit | =12.0 | |
Novell Suse Linux Enterprise Desktop | =12 | |
Novell Suse Linux Enterprise Desktop | =12-sp1 | |
Novell Suse Linux Enterprise Live Patching | =12.0 | |
Novell Suse Linux Enterprise Module For Public Cloud | =12 | |
Novell Suse Linux Enterprise Real Time Extension | =12-sp1 | |
Novell Suse Linux Enterprise Server | =12.0 | |
Novell Suse Linux Enterprise Server | =12.0-sp1 | |
Novell Suse Linux Enterprise Workstation Extension | =12.0 | |
Novell Suse Linux Enterprise Workstation Extension | =12.0-sp1 | |
Linux Linux kernel | =4.5.0-rc7 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.106-3 6.1.112-1 6.11.4-1 6.11.5-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this double free vulnerability is CVE-2016-3951.
The severity of CVE-2016-3951 is low.
CVE-2016-3951 affects Linux kernel versions before 4.5.
The impact of CVE-2016-3951 is a denial of service (system crash) or possibly unspecified other impact by inserting a USB device with an invalid USB descriptor.
To fix CVE-2016-3951, update your Linux kernel to version 4.5 or later.