CVE-2016-2187

Published on: 05/02/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:15 PM UTC

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Certain versions of Ubuntu Linux from Canonical contain the following vulnerability:

The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

  • CVE-2016-2187 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 4.6 - MEDIUM

  • Attack Vector: PHYSICAL
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

CVSS2 Score: 4.9 - MEDIUM

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: COMPLETE

CVE References

  • kernel/git/torvalds/linux.git - Linux kernel source tree. Tags: Patch, Vendor Advisory. Link: CONFIRM git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=162f98dea487206d9ab79fc12ed64700667a894d
  • USN-3005-1: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu. Tags: Third Party Advisory. Link: UBUNTU USN-3005-1 (www.ubuntu.com)
  • USN-3000-1: Linux kernel (Utopic HWE) vulnerabilities | Ubuntu. Tags: Third Party Advisory. Link: UBUNTU USN-3000-1 (www.ubuntu.com)
  • Input: gtco - fix crash on detecting device without endpoints · torvalds/[email protected] · GitHub. Tags: Patch, Vendor Advisory. Link: CONFIRM github.com/torvalds/linux/commit/162f98dea487206d9ab79fc12ed64700667a894d
  • [security-announce] SUSE-SU-2016:1985-1: important: Security update for. Link: SUSE SUSE-SU-2016:1985 (lists.opensuse.org)
  • USN-2998-1: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu. Tags: Third Party Advisory. Link: UBUNTU USN-2998-1 (www.ubuntu.com)
  • USN-3001-1: Linux kernel (Vivid HWE) vulnerabilities | Ubuntu. Tags: Third Party Advisory. Link: UBUNTU USN-3001-1 (www.ubuntu.com)
  • USN-3004-1: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu. Tags: Third Party Advisory. Link: UBUNTU USN-3004-1 (www.ubuntu.com)
  • Linux Kernel 'USB Device Descriptor' Local Denial of Service Vulnerability. Link: BID 85425 (cve.report (archive))
  • USN-3007-1: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu. Tags: Third Party Advisory. Link: UBUNTU USN-3007-1 (www.ubuntu.com)
  • 1317017 – (CVE-2016-2187) CVE-2016-2187 kernel: Kernel panic on invalid USB device descriptor (gtco driver). Tags: Issue Tracking. Link: CONFIRM bugzilla.redhat.com/show_bug.cgi?id=1317017
  • [security-announce] SUSE-SU-2016:1672-1: important: Security update for. Tags: Third Party Advisory. Link: SUSE SUSE-SU-2016:1672 (lists.opensuse.org)
  • USN-3002-1: Linux kernel (Wily HWE) vulnerabilities | Ubuntu. Tags: Third Party Advisory. Link: UBUNTU USN-3002-1 (www.ubuntu.com)
  • Debian -- Security Information -- DSA-3607-1 linux. Tags: Depreciated Link. Link: DEBIAN DSA-3607 (www.debian.org)
  • USN-2996-1: Linux kernel vulnerabilities | Ubuntu. Tags: Third Party Advisory. Link: UBUNTU USN-2996-1 (www.ubuntu.com)
  • USN-2989-1: Linux kernel vulnerabilities | Ubuntu. Tags: Third Party Advisory. Link: UBUNTU USN-2989-1 (www.ubuntu.com)
  • USN-3003-1: Linux kernel vulnerabilities | Ubuntu. Tags: Third Party Advisory. Link: UBUNTU USN-3003-1 (www.ubuntu.com)
  • USN-3006-1: Linux kernel vulnerabilities | Ubuntu. Tags: Third Party Advisory. Link: UBUNTU USN-3006-1 (www.ubuntu.com)
  • USN-2997-1: Linux kernel (OMAP4) vulnerabilities | Ubuntu. Tags: Third Party Advisory. Link: UBUNTU USN-2997-1 (www.ubuntu.com)

Known Affected Configurations (CPE V2.3)

| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 15.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Operating System | Novell | Suse Linux Enterprise Debuginfo | 11 | sp4 | All | All |
| Operating System | Novell | Suse Linux Enterprise Server | 11 | extra | All | All |
| Operating System | Novell | Suse Linux Enterprise Server | 11 | sp4 | All | All |
| Operating System | Novell | Suse Linux Enterprise Software Development Kit | 11.0 | sp4 | All | All |

  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*:
  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*:
  • cpe:2.3:o:novell:suse_linux_enterprise_server:11:extra:*:*:*:*:*:*:
  • cpe:2.3:o:novell:suse_linux_enterprise_server:11:sp4:*:*:*:*:*:*:
  • cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*: