DNA View

CVE-2016-2782

Medium

Low Medium High Critical

4.6

CVSS Score

Published: Apr 27, 2016

Last Modified: Apr 12, 2025

CWE: CWE-476

Vulnerability Description

The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Known Affected Software

11 configuration(s) from 2 vendor(s)

linux_kernel

Version:

4.5.0

CPE:

cpe:2.3:o:linux:linux_kernel:4.5.0:rc1:*:*:*:*:*:*

linux_enterprise_debuginfo

Version:

CPE:

cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp1:*:*:*:*:*:*

linux_enterprise_real_time_extension

Version:

CPE:

cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1:*:*:*:*:*:*

linux_enterprise_module_for_public_cloud

Version:

CPE:

cpe:2.3:a:suse:linux_enterprise_module_for_public_cloud:12:*:*:*:*:*:*:*

linux_enterprise_server

Version:

CPE:

cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:-:*:*:*

linux_enterprise_real_time_extension

Version:

CPE:

cpe:2.3:o:suse:linux_enterprise_real_time_extension:12:sp1:*:*:*:*:*:*

linux_enterprise_server

Version:

CPE:

cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:-:*:*:*

linux_enterprise_desktop

Version:

CPE:

cpe:2.3:o:suse:linux_enterprise_desktop:12:sp4:*:*:*:*:*:*

linux_enterprise_workstation_extension

Version:

CPE:

cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*

linux_enterprise_software_development_kit

Version:

CPE:

cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:-:*:*:*:*:*:*

linux_enterprise_software_development_kit

Version:

CPE:

cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*

This vulnerability affects 11 software configuration(s). Ensure you patch all affected systems.

References & Resources

Severity Details

4.6

out of 10.0

Medium

Weakness Type (CWE)

CWE-476 Top 25 #21

NULL Pointer Dereference

Description: The product dereferences a pointer that it expects to be valid but is NULL.
Exploit Likelihood: Medium
Typical Severity: High
Abstraction Level: Base