Denial of Service Vulnerability in Linux Kernel USB Driver
CVE-2015-7566

4.6MEDIUM

Key Information:

Vendor

Novell
Status
Suse Linux Enterprise Server
Suse Linux Enterprise Debuginfo
Suse Linux Enterprise Software Development Kit
Suse Linux Enterprise Real Time Extension
Vendor
CVE Published:
8 February 2016

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2015-7566?

The clie_5_attach function in the Linux Kernel’s USB serial driver is susceptible to a denial of service condition. This vulnerability arises when a physically proximate attacker connects a specially crafted USB device that lacks a bulk-out endpoint. This can lead to a NULL pointer dereference, potentially crashing the system and causing instability. Immediate remediation is advised to prevent potential exploitation.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2015-7566 - Proof of Concept

References

http://www.ubuntu.com/usn/USN-2930-1
vendor-advisoryx_refsource_UBUNTU
https://security-tracker.debian.org/tracker/CVE-2015-7566
x_refsource_CONFIRM
http://www.securityfocus.com/bid/82975
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.