
Multiple Kernel Versions with Multiple Vulnerabilities

Medium

Synopsis

The specific Linux kernel that the system is running is reportedly affected by multiple vulnerabilities.

Description

The vulnerabilities listed below affect kernel versions lower than the following fixed releases on the same branch:

- Kernel 4.4.7
- Kernel 3.14.66
- Kernel 4.5.1
- Kernel 3.12.58
- Kernel 3.18.32
- Kernel 4.1.23
- Kernel 3.2.80
- Kernel 3.10.102

The specific Linux kernel version that the system is running is reportedly affected by the following vulnerabilities:

- Linux Kernel contains a flaw in the cypress_m8 driver that is triggered during the handling of a specially crafted USB device. This may allow a physically present attacker to crash the system. (CVE-2016-3137)

- Linux Kernel contains a flaw in the mct_u232 driver that is triggered during the handling of a specially crafted USB device. This may allow a physically present attacker to crash the system. (CVE-2016-3136)
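The branch-matched comparison described above, as an added example (not part of the original advisory or the scanner's own check): it compares a `uname -r` style string against the fixed release for its branch. The function names, status strings and the treatment of a release suffix as a vendor build are assumptions of this example.

```python
import re

# Fixed releases per stable branch, copied from the advisory text above.
FIXED_RELEASES = ["4.4.7", "3.14.66", "4.5.1", "3.12.58",
                  "3.18.32", "4.1.23", "3.2.80", "3.10.102"]
FIXED_BY_BRANCH = {}
for _v in FIXED_RELEASES:
    _major, _minor, _patch = (int(p) for p in _v.split("."))
    FIXED_BY_BRANCH[(_major, _minor)] = _patch

_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(.*)$")

def parse_release(release):
    """Split a `uname -r` style string into (major, minor, patch, suffix)."""
    m = _RELEASE_RE.match(release.strip())
    if m is None:
        raise ValueError("unrecognised kernel release: %r" % release)
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0), m.group(4)

def assess(release):
    """Return (status, vendor_build) for one kernel release string.

    status: 'below-fixed', 'at-or-above-fixed', or 'branch-not-listed'.
    vendor_build: True when a suffix follows the version. Assumption: such
    kernels may carry backported fixes, so confirm with the vendor advisory.
    """
    major, minor, patch, suffix = parse_release(release)
    fixed_patch = FIXED_BY_BRANCH.get((major, minor))
    vendor_build = bool(suffix)
    if fixed_patch is None:
        # The advisory gives no fixed release for this branch.
        return "branch-not-listed", vendor_build
    status = "below-fixed" if patch < fixed_patch else "at-or-above-fixed"
    return status, vendor_build

if __name__ == "__main__":
    # Constructed sample release strings, not taken from any real host.
    for sample in ["4.4.6", "4.4.7", "3.10.0-327.el7.x86_64", "4.5", "4.6.2"]:
        print(sample, assess(sample))
```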

Solution

It has been reported that this has been fixed. Please refer to the product listing for upgraded versions that address this vulnerability.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=1316996
https://bugzilla.redhat.com/show_bug.cgi?id=1283368
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.66
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.7
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.58
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.32
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.23
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.80
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.102
https://www.suse.com/support/update/announcement/2016/suse-su-20161203-1.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00000.html
http://www.ubuntu.com/usn/usn-2965-1/
http://www.ubuntu.com/usn/usn-2965-2/
http://www.ubuntu.com/usn/usn-2965-3/
http://www.ubuntu.com/usn/usn-2965-4/
http://www.ubuntu.com/usn/usn-2968-1/
http://www.ubuntu.com/usn/usn-2968-2/
http://www.ubuntu.com/usn/usn-2970-1/
http://www.ubuntu.com/usn/usn-2971-2/
http://www.ubuntu.com/usn/usn-2971-1/
http://www.ubuntu.com/usn/usn-2971-3/
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html
http://pivotal.io/security/usn-2970-1
http://www.ubuntu.com/usn/usn-2996-1/
http://www.ubuntu.com/usn/usn-2997-1/
http://www.ubuntu.com/usn/usn-2998-1/
http://www.ubuntu.com/usn/usn-3000-1/
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html
https://www.debian.org/security/2016/dsa-3607
http://seclists.org/oss-sec/2016/q1/604
http://seclists.org/bugtraq/2016/Mar/55
http://seclists.org/bugtraq/2016/Jun/105
https://os-s.net/advisories/OSS-2016-07_cypress_m8.pdf
https://bugzilla.redhat.com/show_bug.cgi?id=1317007
https://bugzilla.redhat.com/show_bug.cgi?id=1283370
http://seclists.org/oss-sec/2016/q1/603
http://seclists.org/bugtraq/2016/Mar/57
https://os-s.net/advisories/OSS-2016-08_mct_u232.pdf