CVE-2015-7566

Published: 08/02/2016 Updated: 09/10/2018
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 4.6 | Impact Score: 3.6 | Exploitability Score: 0.9
VMScore: 495
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel up to and including 4.4.1 allows physically proximate malicious users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.

Vulnerable Product

novell suse linux enterprise real time extension 12

novell suse linux enterprise debuginfo 11

novell suse linux enterprise software development kit 11

novell suse linux enterprise real time extension 11

novell suse linux enterprise server 11

linux linux kernel

Vendor Advisories

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial-of-service. CVE-2013-4312: Tetsuo Handa discovered that it is possible for a process to open far more files than the process' limit, leading to denial-of-service conditions. CVE-2015-7566: Ralf Spenneberg of OpenSource Se ...
A flaw was found in the way the Linux kernel visor driver handles certain invalid USB device descriptors. The driver assumes that the device always has at least one bulk OUT endpoint. By using a specially crafted USB device (without a bulk OUT endpoint), an unprivileged user with physical access could trigger a kernel NULL-pointer dereference and c ...
Several security issues were fixed in the kernel ...
USN 2948-1 introduced a regression in the Ubuntu 14.10 Linux kernel backported to Ubuntu 14.04 LTS ...

Exploits

OS-S Security Advisory 2016-09: Linux visor clie_5_attach Nullpointer Dereference
Date: March 4th, 2016
Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg
CVE: CVE-2015-7566
CVSS: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Title: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (visor clie_5_attach d ...

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the visor (clie_5_attach) driver ...

References

NVD-CWE-Other

https://github.com/torvalds/linux/commit/cb3232138e37129e88240a98a1d2aba2187ff57c
https://security-tracker.debian.org/tracker/CVE-2015-7566
https://bugzilla.redhat.com/show_bug.cgi?id=1296466
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb3232138e37129e88240a98a1d2aba2187ff57c
https://bugzilla.redhat.com/show_bug.cgi?id=1283371
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
http://www.securityfocus.com/bid/82975
http://www.debian.org/security/2016/dsa-3503
http://www.ubuntu.com/usn/USN-2967-1
http://www.ubuntu.com/usn/USN-2967-2
http://www.ubuntu.com/usn/USN-2930-1
http://www.ubuntu.com/usn/USN-2929-1
http://www.ubuntu.com/usn/USN-2932-1
http://www.ubuntu.com/usn/USN-2948-2
http://www.ubuntu.com/usn/USN-2930-3
http://www.ubuntu.com/usn/USN-2930-2
http://www.ubuntu.com/usn/USN-2929-2
http://www.ubuntu.com/usn/USN-2948-1
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175792.html
http://www.debian.org/security/2016/dsa-3448
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176194.html
https://www.exploit-db.com/exploits/39540/
http://www.securityfocus.com/archive/1/537733/100/0/threaded
https://nvd.nist.gov
https://www.debian.org/security/./dsa-3448
https://usn.ubuntu.com/2967-1/