drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel up to and including 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote malicious users to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linux linux kernel |
||
canonical ubuntu linux 15.10 |
||
canonical ubuntu linux 14.04 |
||
opensuse opensuse 13.2 |