Denial of Service Vulnerability in Linux Kernel USB Driver
CVE-2015-7566

4.6MEDIUM

Key Information:

Vendor
Novell
Status
Suse Linux Enterprise Server
Suse Linux Enterprise Debuginfo
Suse Linux Enterprise Software Development Kit
Suse Linux Enterprise Real Time Extension
Vendor
CVE Published:
8 February 2016

Summary

The clie_5_attach function in the Linux Kernel’s USB serial driver is susceptible to a denial of service condition. This vulnerability arises when a physically proximate attacker connects a specially crafted USB device that lacks a bulk-out endpoint. This can lead to a NULL pointer dereference, potentially crashing the system and causing instability. Immediate remediation is advised to prevent potential exploitation.

References

http://www.ubuntu.com/usn/USN-2930-1
vendor-advisoryx_refsource_UBUNTU
https://security-tracker.debian.org/tracker/CVE-2015-7566
x_refsource_CONFIRM
http://www.securityfocus.com/bid/82975
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.