First published: Fri Mar 11 2016
A flaw was found in the Linux kernel's USB device management code that could cause a kernel panic with a device that requires the ati_remote2 kernel module. The kernel would panic with a NULL pointer dereference while attempting to access a nonexistent interface descriptor. The ati_remote2 driver assumes that there will be at least two interface descriptors with associated endpoint descriptors.

Product bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1283362 (CLOSED WONTFIX - CVE-2016-2185 Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver bug1) [local-DoS])
https://bugzilla.redhat.com/show_bug.cgi?id=1283363 (CLOSED WONTFIX - CVE-2016-2185 Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver bug2) [local-DoS])

Public via: http://seclists.org/bugtraq/2016/Mar/90

Red Hat assigned CVE-2016-2185 (https://access.redhat.com/security/cve/CVE-2016-2185) to this issue.

Upstream patch: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d
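The layout the driver assumes (two interfaces, each with an endpoint) can be checked against the descriptors a device actually sends before anything dereferences them. The following is an added userspace illustration, not the kernel driver's code or the upstream patch; `check_layout` and the `sample` bytes are constructed for this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define DT_INTERFACE 4   /* bDescriptorType values from the USB spec */
#define DT_ENDPOINT  5
/* Constructed sample: one configuration, two interfaces, one interrupt-IN
 * endpoint each. Passing a shorter length models a device that sends less. */
static const uint8_t sample[] = {
    9, 2, 41, 0, 2, 1, 0, 0x80, 50,   /* configuration, wTotalLength = 41 */
    9, 4, 0, 0, 1, 0xff, 0, 0, 0,     /* interface 0 */
    7, 5, 0x81, 3, 8, 0, 10,          /* endpoint 0x81 */
    9, 4, 1, 0, 1, 0xff, 0, 0, 0,     /* interface 1 */
    7, 5, 0x82, 3, 8, 0, 10,          /* endpoint 0x82 */
};

/* 0 if interfaces 0 and 1 each carry at least one endpoint descriptor,
 * -ENODEV if that layout is absent, -EINVAL if the blob is malformed.
 * Counts descriptors actually present; bNumInterfaces and bNumEndpoints
 * are device-supplied claims and are not trusted. */
int check_layout(const uint8_t *buf, size_t len)
{
    int seen[2] = { 0, 0 }, eps[2] = { 0, 0 };
    int cur = -1;                     /* tracked interface, -1 = none */
    size_t off = 0;
    while (off < len) {
        size_t left = len - off;
        if (left < 2 || buf[off] < 2 || buf[off] > left)
            return -EINVAL;           /* bLength too small or past the end */
        if (buf[off + 1] == DT_INTERFACE) {
            if (buf[off] < 9)
                return -EINVAL;       /* too short to hold the fields read */
            cur = (buf[off + 2] < 2 && buf[off + 3] == 0) ? buf[off + 2] : -1;
            if (cur >= 0)
                seen[cur] = 1;
        } else if (buf[off + 1] == DT_ENDPOINT && cur >= 0) {
            eps[cur]++;
        }
        off += buf[off];
    }
    return (seen[0] && seen[1] && eps[0] && eps[1]) ? 0 : -ENODEV;
}

int main(void)
{
    printf("full=%d one_if=%d no_ep=%d cut=%d\n", check_layout(sample, 41),
           check_layout(sample, 25), check_layout(sample, 34), check_layout(sample, 40));
    return 0;
}
```

Lengths 25 and 34 cut the sample after interface 0's endpoint and after the bare interface 1 descriptor; both are rejected even though the configuration header still claims two interfaces.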
Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat Enterprise Linux | | |
Red Hat Kernel-devel | | |
The severity of REDHAT-BUG-1317014 is high due to the potential for kernel panic and system instability.
To fix REDHAT-BUG-1317014, update to the latest kernel version that addresses the vulnerability.
REDHAT-BUG-1317014 affects Red Hat Enterprise Linux and the Linux kernel that includes the ati_remote2 module.
If REDHAT-BUG-1317014 is not addressed, systems may experience crashes or kernel panics when interacting with specific USB devices.
As a workaround for REDHAT-BUG-1317014, you may consider removing or avoiding the use of USB devices that require the ati_remote2 kernel module.