CVE-2016-2384

Summary

CVE	CVE-2016-2384
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2016-04-27 17:59:00 UTC
Updated	2018-01-05 02:30:00 UTC
Description	Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Linux	Linux Kernel	All	All	All	All
Operating System	Novell	Suse Linux Enterprise Real Time Extension	12	sp1	All	All
Operating System	Novell	Suse Linux Enterprise Real Time Extension	12	sp1	All	All

References

Reference	Source	Link	Tags
[security-announce] SUSE-SU-2016:1031-1: important: Security update for	SUSE	lists.opensuse.org
ALSA: usb-audio: avoid freeing umidi object twice · torvalds/linux@07d86ca · GitHub	CONFIRM	github.com	Patch
Linux Kernel Double-Free Memory Error in usb-midi Driver Lets Physically Local Users Crash the System or Execute Arbitrary Code - SecurityTracker	SECTRACK	www.securitytracker.com
USN-2929-2: Linux kernel (Trusty HWE) vulnerabilities \| Ubuntu	UBUNTU	www.ubuntu.com
kernel/git/torvalds/linux.git - Linux kernel source tree	CONFIRM	git.kernel.org	Patch, Vendor Advisory
USN-2931-1: Linux kernel (Utopic HWE) vulnerabilities \| Ubuntu	UBUNTU	www.ubuntu.com
Debian -- Security Information -- DSA-3503-1 linux	DEBIAN	www.debian.org
[security-announce] SUSE-SU-2016:1037-1: important: Security update for	SUSE	lists.opensuse.org
[security-announce] SUSE-SU-2016:1032-1: important: Security update for	SUSE	lists.opensuse.org
USN-2928-2: Linux kernel (OMAP4) vulnerability \| Ubuntu	UBUNTU	www.ubuntu.com
USN-2930-3: Linux kernel (Raspberry Pi 2) vulnerabilities \| Ubuntu	UBUNTU	www.ubuntu.com
[security-announce] SUSE-SU-2016:1035-1: important: Security update for	SUSE	lists.opensuse.org
kernel-exploits/CVE-2016-2384 at master · xairy/kernel-exploits · GitHub	MISC	github.com
USN-2930-1: Linux kernel vulnerabilities \| Ubuntu	UBUNTU	www.ubuntu.com
[security-announce] SUSE-SU-2016:1046-1: important: Security update for	SUSE	lists.opensuse.org
Red Hat Customer Portal	REDHAT	rhn.redhat.com
[security-announce] SUSE-SU-2016:1034-1: important: Security update for	SUSE	lists.opensuse.org
USN-2930-2: Linux kernel (Wily HWE) vulnerabilities \| Ubuntu	UBUNTU	www.ubuntu.com
[security-announce] SUSE-SU-2016:1102-1: important: Security update for	SUSE	lists.opensuse.org
oss-security - CVE Request: Linux: ALSA: usb-audio: double-free triggered by invalid USB descriptor	MLIST	www.openwall.com
Linux Kernel CVE-2016-2384 Local Denial of Service Vulnerability	BID	www.securityfocus.com
[security-announce] SUSE-SU-2016:1039-1: important: Security update for	SUSE	lists.opensuse.org
[security-announce] SUSE-SU-2016:2074-1: important: Security update for	SUSE	lists.opensuse.org
[security-announce] SUSE-SU-2016:1041-1: important: Security update for	SUSE	lists.opensuse.org
[security-announce] SUSE-SU-2016:1040-1: important: Security update for	SUSE	lists.opensuse.org
USN-2928-1: Linux kernel vulnerability \| Ubuntu	UBUNTU	www.ubuntu.com
[security-announce] SUSE-SU-2016:1764-1: important: Security update for	SUSE	lists.opensuse.org	Third Party Advisory
USN-2932-1: Linux kernel (Vivid HWE) vulnerabilities \| Ubuntu	UBUNTU	www.ubuntu.com
[security-announce] SUSE-SU-2016:1038-1: important: Security update for	SUSE	lists.opensuse.org
Bug 1308444 – CVE-2016-2384 kernel: double-free in usb-audio triggered by invalid USB descriptor	CONFIRM	bugzilla.redhat.com	Issue Tracking
[security-announce] SUSE-SU-2016:1033-1: important: Security update for	SUSE	lists.opensuse.org
[security-announce] SUSE-SU-2016:1019-1: important: Security update for	SUSE	lists.opensuse.org
[security-announce] openSUSE-SU-2016:1008-1: important: Security update	SUSE	lists.opensuse.org
USN-2929-1: Linux kernel vulnerabilities \| Ubuntu	UBUNTU	www.ubuntu.com
Red Hat Customer Portal	REDHAT	rhn.redhat.com
[security-announce] SUSE-SU-2016:0911-1: important: Security update for	SUSE	lists.opensuse.org
Red Hat Customer Portal	REDHAT	rhn.redhat.com
[security-announce] SUSE-SU-2016:1045-1: important: Security update for	SUSE	lists.opensuse.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

671064 EulerOS Security Update for kernel (EulerOS-SA-2019-2599)