Multiple Kernel Versions with Multiple Vulnerabilities

medium Log Correlation Engine Plugin ID 802014

Synopsis

The specific Linux kernel that the system is running is reportedly affected by multiple vulnerabilities.

Description

The following vulnerabilities affect kernel versions that fall below the following on the same branch.

Kernel 4.4.7
Kernel 3.14.66
Kernel 4.5.1
Kernel 3.12.58
Kernel 3.18.32
Kernel 4.1.23
Kernel 3.2.80
Kernel 3.10.102

The specific Linux kernel version that the system is running is reportedly affected by the following vulnerabilities:

- Linux Kernel contains a flaw in the cypress_m8 driver that is triggered during the handling of a specially crafted USB device. This may allow a physically present attacker to crash the system. (CVE-2016-3137)

- Linux Kernel contains a flaw in the mct_u232_m8 driver that is triggered during the handling of a specially crafted USB device. This may allow a physically present attacker to crash the system. (CVE-2016-3136)

Solution

It has been reported that this has been fixed. Please refer to the product listing for upgraded versions that address this vulnerability.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=1316996

https://bugzilla.redhat.com/show_bug.cgi?id=1283368

https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.66

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.7

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1

https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.58

https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.32

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.23

https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.80

https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.102

https://www.suse.com/support/update/announcement/2016/suse-su-20161203-1.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00000.html

http://www.ubuntu.com/usn/usn-2965-1/

http://www.ubuntu.com/usn/usn-2965-2/

http://www.ubuntu.com/usn/usn-2965-3/

http://www.ubuntu.com/usn/usn-2965-4/

http://www.ubuntu.com/usn/usn-2968-1/

http://www.ubuntu.com/usn/usn-2968-2/

http://www.ubuntu.com/usn/usn-2970-1/

http://www.ubuntu.com/usn/usn-2971-2/

http://www.ubuntu.com/usn/usn-2971-1/

http://www.ubuntu.com/usn/usn-2971-3/

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html

http://pivotal.io/security/usn-2970-1

http://www.ubuntu.com/usn/usn-2996-1/

www.ubuntu.com/usn/usn-2997-1/

www.ubuntu.com/usn/usn-2998-1/

http://www.ubuntu.com/usn/usn-3000-1/

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html

https://www.debian.org/security/2016/dsa-3607

http://seclists.org/oss-sec/2016/q1/604

http://seclists.org/bugtraq/2016/Mar/55

http://seclists.org/bugtraq/2016/Jun/105

https://os-s.net/advisories/OSS-2016-07_cypress_m8.pdf

https://bugzilla.redhat.com/show_bug.cgi?id=1317007

https://bugzilla.redhat.com/show_bug.cgi?id=1283370

http://seclists.org/oss-sec/2016/q1/603

http://seclists.org/bugtraq/2016/Mar/57

https://os-s.net/advisories/OSS-2016-08_mct_u232.pdf

Plugin Details

Severity: Medium

ID: 802014

Published: 8/29/2016

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3.3

Vector: CVSS2#AV:L/AC:H/Au:N/C:N/I:N/A:C

Vulnerability Information

Patch Publication Date: 4/12/2016

Vulnerability Publication Date: 3/9/2016

Reference Information

CVE: CVE-2016-3136, CVE-2016-3137