CVE-2016-2188
Summary
| CVE | CVE-2016-2188 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-05-02 10:59:00 UTC |
| Updated | 2023-09-12 14:55:00 UTC |
| Description | The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [security-announce] openSUSE-SU-2016:1382-1: important: Security update | SUSE | lists.opensuse.org | |
| USN-2969-1: Linux kernel (Utopic HWE) vulnerabilities | Ubuntu | UBUNTU | www.ubuntu.com | |
| 1317018 – (CVE-2016-2188) CVE-2016-2188 kernel: Kernel panic on invalid USB device descriptor (iowarrior driver) | CONFIRM | bugzilla.redhat.com | Issue Tracking, Third Party Advisory, VDB Entry |
| [security-announce] SUSE-SU-2016:1707-1: important: Security update for | SUSE | lists.opensuse.org | Third Party Advisory |
| USN-2971-2: Linux kernel (Wily HWE) vulnerabilities | Ubuntu | UBUNTU | www.ubuntu.com | |
| USN-2968-1: Linux kernel vulnerabilities | Ubuntu | UBUNTU | www.ubuntu.com | |
| kernel/git/torvalds/linux.git - Linux kernel source tree | CONFIRM | git.kernel.org | Vendor Advisory |
| Linux Kernel 3.10.0-229.x RHEL 7.1 / CentOS - iowarrior driver Crash PoC | EXPLOIT-DB | www.exploit-db.com | |
| [security-announce] SUSE-SU-2016:2074-1: important: Security update for | SUSE | lists.opensuse.org | |
| [security-announce] SUSE-SU-2016:1672-1: important: Security update for | SUSE | lists.opensuse.org | Third Party Advisory |
| USN-2970-1: Linux kernel (Vivid HWE) vulnerabilities | Ubuntu | UBUNTU | www.ubuntu.com | |
| USN-2968-2: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu | UBUNTU | www.ubuntu.com | |
| 20160315 Re: oss-2016-15: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver) | BUGTRAQ | seclists.org | Third Party Advisory, VDB Entry |
| USB: iowarrior: fix oops with malicious USB descriptors · torvalds/linux@4ec0ef3 · GitHub | CONFIRM | github.com | Vendor Advisory |
| USN-2996-1: Linux kernel vulnerabilities | Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| USN-2971-1: Linux kernel vulnerabilities | Ubuntu | UBUNTU | www.ubuntu.com | |
| [security-announce] SUSE-SU-2016:1764-1: important: Security update for | SUSE | lists.opensuse.org | Third Party Advisory |
| [security-announce] SUSE-SU-2016:1690-1: important: Security update for | SUSE | lists.opensuse.org | Third Party Advisory |
| [security-announce] SUSE-SU-2016:1696-1: important: Security update for | SUSE | lists.opensuse.org | Third Party Advisory |
| Bugtraq: oss-2016-15: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver) | BUGTRAQ | seclists.org | Exploit, Third Party Advisory, VDB Entry |
| www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1 | CONFIRM | www.kernel.org | |
| USN-2997-1: Linux kernel (OMAP4) vulnerabilities | Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| USN-2971-3: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu | UBUNTU | www.ubuntu.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.