CVE-2016-3689

4.6MEDIUM

Key Information:

Vendor: Novell
Status: Suse Linux Enterprise Module For Public Cloud; Suse Linux Enterprise Server; Suse Linux Enterprise Live Patching; Suse Linux Enterprise Desktop
Vendor: CVE Published:; 2 May 2016

Summary

The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.

References

http://www.ubuntu.com/usn/USN-2971-2

vendor-advisoryx_refsource_UBUNTU

http://lists.opensuse.org/opensuse-security-announce/2016...

vendor-advisoryx_refsource_SUSE

https://bugzilla.novell.com/show_bug.cgi?id=971628

x_refsource_CONFIRM

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 2, 2016
Vulnerability Reserved
Mar 30, 2016

Collectors

NVD DatabaseMitre Database