Multiple Kernel Versions with Multiple Vulnerabilities

medium Log Correlation Engine Plugin ID 802014

Synopsis

The specific Linux kernel that the system is running is reportedly affected by multiple vulnerabilities.

Description

The vulnerabilities listed below affect kernel versions lower than the following releases on the same branch:

Kernel 4.4.7
Kernel 3.14.66
Kernel 4.5.1
Kernel 3.12.58
Kernel 3.18.32
Kernel 4.1.23
Kernel 3.2.80
Kernel 3.10.102

The specific Linux kernel version that the system is running is reportedly affected by the following vulnerabilities:

- Linux Kernel contains a flaw in the cypress_m8 driver that is triggered during the handling of a specially crafted USB device. This may allow a physically present attacker to crash the system. (CVE-2016-3137)

- Linux Kernel contains a flaw in the mct_u232_m8 driver that is triggered during the handling of a specially crafted USB device. This may allow a physically present attacker to crash the system. (CVE-2016-3136)

Solution

It has been reported that this has been fixed. Please refer to the product listing for upgraded versions that address this vulnerability.

See Also

https://www.suse.com/support/update/announcement/2016/suse-su-20161203-1.html

https://www.debian.org/security/2016/dsa-3607

https://bugzilla.redhat.com/show_bug.cgi?id=1316996

https://bugzilla.redhat.com/show_bug.cgi?id=1283368

https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.66

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.7

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1

https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.58

https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.32

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.23

https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.80

https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.102

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00000.html

http://www.ubuntu.com/usn/usn-2965-1/

http://www.ubuntu.com/usn/usn-2965-2/

http://www.ubuntu.com/usn/usn-2965-3/

http://www.ubuntu.com/usn/usn-2965-4/

http://www.ubuntu.com/usn/usn-2968-1/

http://www.ubuntu.com/usn/usn-2968-2/

http://www.ubuntu.com/usn/usn-2970-1/

http://www.ubuntu.com/usn/usn-2971-2/

http://www.ubuntu.com/usn/usn-2971-1/

http://www.ubuntu.com/usn/usn-2971-3/

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html

http://pivotal.io/security/usn-2970-1

http://www.ubuntu.com/usn/usn-2996-1/

http://www.ubuntu.com/usn/usn-2997-1/

http://www.ubuntu.com/usn/usn-2998-1/

http://www.ubuntu.com/usn/usn-3000-1/

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html

http://seclists.org/oss-sec/2016/q1/604

http://seclists.org/bugtraq/2016/Mar/55

http://seclists.org/bugtraq/2016/Jun/105

https://os-s.net/advisories/OSS-2016-07_cypress_m8.pdf

https://bugzilla.redhat.com/show_bug.cgi?id=1317007

https://bugzilla.redhat.com/show_bug.cgi?id=1283370

http://seclists.org/oss-sec/2016/q1/603

http://seclists.org/bugtraq/2016/Mar/57

https://os-s.net/advisories/OSS-2016-08_mct_u232.pdf

Plugin Details

Severity: Medium

ID: 802014

Published: 8/29/2016

Updated: 8/29/2016

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3.3

Vector: CVSS2#AV:L/AC:H/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Patch Publication Date: 4/12/2016

Vulnerability Publication Date: 3/9/2016

Reference Information

CVE: CVE-2016-3137, CVE-2016-3136