CVE-2016-3136
Last modified
CVE-2016-3136 is a vulnerability of currently unknown severity. The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.. EPSS estimates a 1.80% chance of exploitation in the next 30 days.
Description
The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.
Metrics
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Linux | Linux Kernel | <= 4.5.0 | — |
| Novell | Suse Linux Enterprise Software Development Kit | 12.0 | — |
| Novell | Suse Linux Enterprise Desktop | 12.0 | — |
| Novell | Suse Linux Enterprise Live Patching | 12.0 | — |
| Novell | Suse Linux Enterprise Module For Public Cloud | 12.0 | — |
| Novell | Suse Linux Enterprise Real Time Extension | 12.0 | Sp1 |
| Novell | Suse Linux Enterprise Server | 12.0 | — |
| Novell | Suse Linux Enterprise Workstation Extension | 12.0 | — |
| Canonical | Ubuntu Linux | 12.04 | — |
| Canonical | Ubuntu Linux | 14.04 | — |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-3136?
How severe is CVE-2016-3136?
How do I fix CVE-2016-3136?
Are you affected by CVE-2016-3136?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST