First Last Prev Next    This bug is not in your last search results.
Bug 974418 - (CVE-2016-3951) VUL-0: CVE-2016-3951: kernel: usbnet: memory corruption triggered by invalid USB descriptor allowing for DoS
(CVE-2016-3951)
VUL-0: CVE-2016-3951: kernel: usbnet: memory corruption triggered by invalid ...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: E-mail List
E-mail List
https://smash.suse.de/issue/166533/
maint:planned:update CVSSv2:RedHat:CV...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-04-07 08:02 UTC by Johannes Segitz
Modified: 2018-07-03 21:15 UTC (History)
6 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2016-04-07 08:02:46 UTC 
CVE-2016-3951

http://seclists.org/oss-sec/2016/q2/19

usbnet_link_change will call schedule_work and should be
avoided if bind is failing. Otherwise we will end up with
scheduled work referring to a netdev which has gone away.

The bug allows physically proximate attackers to cause a denial of
service (NULL pointer dereference and system crash) or possibly have
other impact by inserting a USB device with an invalid USB descriptor.

Fixes:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4d06dd537f95683aba3651098ae288b7cbff8274
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1666984c8625b3db19a9abc298931d35ab7bc64b
https://www.spinics.net/lists/netdev/msg367669.html


References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3951
http://seclists.org/oss-sec/2016/q2/19
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3951.html
Comment 1 Swamp Workflow Management 2016-04-07 22:00:35 UTC 
bugbot adjusting priority
Comment 2 Oliver Neukum 2016-04-11 13:41:38 UTC 
The vulnerability exists since v3.10
Comment 3 Oliver Neukum 2016-04-11 13:52:33 UTC 
our stable tree got the stable update
Comment 4 Oliver Neukum 2016-04-12 09:24:14 UTC 
Fix added to all vulnerable trees (the vulnerability had not been ported back)
Comment 5 Bernhard Wiedemann 2016-04-19 10:00:43 UTC 
This is an autogenerated message for OBS integration:
This bug (974418) was mentioned in
https://build.opensuse.org/request/show/390649 42.1 / kernel-source
Comment 6 Swamp Workflow Management 2016-05-23 14:11:17 UTC 
openSUSE-SU-2016:1382-1: An update that solves 11 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 957988,970892,970911,970948,970955,970956,970958,970970,971124,971360,971628,972174,973378,974418,975868
CVE References: CVE-2016-2185,CVE-2016-2186,CVE-2016-2188,CVE-2016-2847,CVE-2016-3136,CVE-2016-3137,CVE-2016-3138,CVE-2016-3140,CVE-2016-3156,CVE-2016-3689,CVE-2016-3951
Sources used:
openSUSE Leap 42.1 (src):    kernel-debug-4.1.21-14.2, kernel-default-4.1.21-14.2, kernel-docs-4.1.21-14.5, kernel-ec2-4.1.21-14.2, kernel-obs-build-4.1.21-14.4, kernel-obs-qa-4.1.21-14.2, kernel-obs-qa-xen-4.1.21-14.2, kernel-pae-4.1.21-14.2, kernel-pv-4.1.21-14.2, kernel-source-4.1.21-14.2, kernel-syms-4.1.21-14.2, kernel-vanilla-4.1.21-14.2, kernel-xen-4.1.21-14.2
Comment 7 Swamp Workflow Management 2016-06-27 17:24:07 UTC 
SUSE-SU-2016:1690-1: An update that solves 29 vulnerabilities and has 89 fixes is now available.

Category: security (important)
Bug References: 676471,880007,889207,899908,903279,928547,931448,940413,943989,944309,945345,947337,953233,954847,956491,956852,957805,957986,960857,962336,962846,962872,963193,963572,963762,964461,964727,965319,966054,966245,966573,966831,967251,967292,967299,967903,968010,968141,968448,968512,968667,968670,968687,968812,968813,969439,969571,969655,969690,969735,969992,969993,970062,970114,970504,970506,970604,970892,970909,970911,970948,970955,970956,970958,970970,971049,971124,971125,971126,971159,971170,971360,971600,971628,971947,972003,972174,972844,972891,972933,972951,973378,973556,973570,973855,974165,974308,974406,974418,974646,975371,975488,975533,975945,976739,976868,977582,977685,978401,978822,979169,979213,979419,979485,979548,979867,979879,980348,980371,981143,981344,982354,982698,983213,983318,983394,983904,984456
CVE References: CVE-2014-9717,CVE-2015-8816,CVE-2015-8845,CVE-2016-0758,CVE-2016-2053,CVE-2016-2143,CVE-2016-2184,CVE-2016-2185,CVE-2016-2186,CVE-2016-2188,CVE-2016-2782,CVE-2016-2847,CVE-2016-3134,CVE-2016-3136,CVE-2016-3137,CVE-2016-3138,CVE-2016-3139,CVE-2016-3140,CVE-2016-3156,CVE-2016-3672,CVE-2016-3689,CVE-2016-3951,CVE-2016-4482,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4805,CVE-2016-5244
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    kernel-default-3.12.60-52.49.1
SUSE Linux Enterprise Software Development Kit 12 (src):    kernel-docs-3.12.60-52.49.3, kernel-obs-build-3.12.60-52.49.1
SUSE Linux Enterprise Server 12 (src):    kernel-default-3.12.60-52.49.1, kernel-source-3.12.60-52.49.1, kernel-syms-3.12.60-52.49.1, kernel-xen-3.12.60-52.49.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.60-52.49.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12_Update_14-1-2.1
SUSE Linux Enterprise Desktop 12 (src):    kernel-default-3.12.60-52.49.1, kernel-source-3.12.60-52.49.1, kernel-syms-3.12.60-52.49.1, kernel-xen-3.12.60-52.49.1
Comment 8 Swamp Workflow Management 2016-06-28 14:23:00 UTC 
SUSE-SU-2016:1696-1: An update that solves 16 vulnerabilities and has 66 fixes is now available.

Category: security (important)
Bug References: 662458,676471,889207,897662,899908,903279,908151,928547,931448,937086,940413,942262,943989,944309,945345,951844,953233,957805,958390,959514,960857,962336,962846,962872,963572,964461,964727,965319,966054,966573,967640,968497,968687,968812,968813,969016,970604,970609,970892,970911,970948,970955,970956,970958,970970,971049,971124,971126,971159,971170,971600,971628,971793,971947,972003,972068,972174,972780,972844,972891,972951,973378,973556,973855,974418,974646,974692,975371,975488,975772,975945,976739,976821,976868,977582,977685,978401,978527,978822,979213,979347,983143
CVE References: CVE-2014-9717,CVE-2016-1583,CVE-2016-2185,CVE-2016-2186,CVE-2016-2188,CVE-2016-2847,CVE-2016-3134,CVE-2016-3136,CVE-2016-3137,CVE-2016-3138,CVE-2016-3140,CVE-2016-3689,CVE-2016-3951,CVE-2016-4482,CVE-2016-4486,CVE-2016-4569
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    kernel-default-3.12.59-60.41.2
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    kernel-docs-3.12.59-60.41.8, kernel-obs-build-3.12.59-60.41.2
SUSE Linux Enterprise Server 12-SP1 (src):    kernel-default-3.12.59-60.41.2, kernel-source-3.12.59-60.41.2, kernel-syms-3.12.59-60.41.1, kernel-xen-3.12.59-60.41.2
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.59-60.41.2
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP1_Update_5-1-2.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    kernel-default-3.12.59-60.41.2, kernel-source-3.12.59-60.41.2, kernel-syms-3.12.59-60.41.1, kernel-xen-3.12.59-60.41.2
Comment 9 Swamp Workflow Management 2016-07-08 15:28:00 UTC 
SUSE-SU-2016:1764-1: An update that solves 26 vulnerabilities and has 95 fixes is now available.

Category: security (important)
Bug References: 880007,889207,899908,903279,908151,931448,937086,940413,942262,943645,943989,945219,956084,956852,957986,957988,957990,959146,959514,959709,960174,960561,960629,961500,961512,961658,962336,962872,963193,963572,963746,963765,963827,963960,964201,964461,965087,965153,965199,965319,965830,965924,966054,966094,966437,966471,966573,966693,966831,966864,966910,967047,967251,967292,967299,967650,967651,967802,967903,968010,968018,968074,968141,968206,968230,968234,968253,968448,968497,968512,968643,968670,968687,968812,968813,969112,969439,969571,969655,969690,969735,969992,969993,970062,970160,970504,970604,970609,970892,970909,970911,970948,970955,970956,970958,970970,971124,971125,971126,971159,971170,971360,971600,971628,972003,972068,972174,972780,972844,972891,972951,973378,973556,973855,974406,974418,975371,975488,975772,975945,980246
CVE References: CVE-2015-7566,CVE-2015-8550,CVE-2015-8551,CVE-2015-8552,CVE-2015-8709,CVE-2015-8785,CVE-2015-8812,CVE-2015-8816,CVE-2016-0723,CVE-2016-2143,CVE-2016-2184,CVE-2016-2185,CVE-2016-2186,CVE-2016-2188,CVE-2016-2384,CVE-2016-2782,CVE-2016-3134,CVE-2016-3136,CVE-2016-3137,CVE-2016-3138,CVE-2016-3139,CVE-2016-3140,CVE-2016-3156,CVE-2016-3689,CVE-2016-3707,CVE-2016-3951
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP1 (src):    kernel-compute-3.12.58-14.1, kernel-compute_debug-3.12.58-14.1, kernel-rt-3.12.58-14.1, kernel-rt_debug-3.12.58-14.1, kernel-source-rt-3.12.58-14.1, kernel-syms-rt-3.12.58-14.1
Comment 10 Swamp Workflow Management 2016-08-24 13:17:18 UTC 
openSUSE-SU-2016:2144-1: An update that solves 53 vulnerabilities and has 28 fixes is now available.

Category: security (important)
Bug References: 901754,941113,942702,945219,955654,957052,957988,959709,960561,961512,963762,963765,966245,966437,966693,966849,967972,967973,967974,967975,968010,968011,968012,968013,968018,968670,969354,969355,970114,970275,970892,970909,970911,970948,970955,970956,970958,970970,971124,971125,971126,971360,971628,971799,971919,971944,972174,973378,973570,974308,974418,974646,975945,978401,978445,978469,978821,978822,979021,979213,979548,979867,979879,979913,980348,980363,980371,980725,981267,982706,983143,983213,984464,984755,984764,986362,986365,986377,986572,986573,986811
CVE References: CVE-2012-6701,CVE-2013-7446,CVE-2014-9904,CVE-2015-3288,CVE-2015-6526,CVE-2015-7566,CVE-2015-8709,CVE-2015-8785,CVE-2015-8812,CVE-2015-8816,CVE-2015-8830,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-2184,CVE-2016-2185,CVE-2016-2186,CVE-2016-2187,CVE-2016-2188,CVE-2016-2384,CVE-2016-2543,CVE-2016-2544,CVE-2016-2545,CVE-2016-2546,CVE-2016-2547,CVE-2016-2548,CVE-2016-2549,CVE-2016-2782,CVE-2016-2847,CVE-2016-3134,CVE-2016-3136,CVE-2016-3137,CVE-2016-3138,CVE-2016-3139,CVE-2016-3140,CVE-2016-3156,CVE-2016-3672,CVE-2016-3689,CVE-2016-3951,CVE-2016-4470,CVE-2016-4482,CVE-2016-4485,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4581,CVE-2016-4805,CVE-2016-4913,CVE-2016-4997,CVE-2016-5244,CVE-2016-5829
Sources used:
openSUSE 13.2 (src):    bbswitch-0.8-3.20.3, cloop-2.639-14.20.3, crash-7.0.8-20.3, hdjmod-1.28-18.21.3, ipset-6.23-20.3, kernel-debug-3.16.7-42.1, kernel-default-3.16.7-42.1, kernel-desktop-3.16.7-42.1, kernel-docs-3.16.7-42.2, kernel-ec2-3.16.7-42.1, kernel-obs-build-3.16.7-42.2, kernel-obs-qa-3.16.7-42.1, kernel-obs-qa-xen-3.16.7-42.1, kernel-pae-3.16.7-42.1, kernel-source-3.16.7-42.1, kernel-syms-3.16.7-42.1, kernel-vanilla-3.16.7-42.1, kernel-xen-3.16.7-42.1, pcfclock-0.44-260.20.2, vhba-kmp-20140629-2.20.2, virtualbox-5.0.20-48.5, xen-4.4.4_02-46.2, xtables-addons-2.6-22.3
Comment 11 Marcus Meissner 2017-03-01 13:12:52 UTC 
released
First Last Prev Next    This bug is not in your last search results.