CVE-2015-4003 : The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the

The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.

Published 2015-06-07 23:59:08

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2015-4003

Linux » Linux Kernel
Versions from including (>=) 3.4 and before (<) 3.4.109
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 3.17 and before (<) 3.18.18
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 3.19 and before (<) 4.0.6
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 3.15 and before (<) 3.16.35
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 3.11 and before (<) 3.12.45
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 3.13 and before (<) 3.14.45
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 3.5 and before (<) 3.10.81
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-4003

EPSS FAQ

1.47%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 80 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-4003

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C	10.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2015-4003

CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-4003

http://www.ubuntu.com/usn/USN-2667-1

USN-2667-1: Linux kernel vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/74668

Linux Kernel 'ozwpan' Driver Multiple Denial of Service Vulnerabilities
Third Party Advisory;VDB Entry

CVEs referencing this url
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04bf464a5dfd9ade0dda918e44366c2c61fce80b

kernel/git/torvalds/linux.git - Linux kernel source tree
Vendor Advisory
https://github.com/torvalds/linux/commit/04bf464a5dfd9ade0dda918e44366c2c61fce80b

ozwpan: divide-by-zero leading to panic · torvalds/linux@04bf464 · GitHub
Vendor Advisory
http://www.ubuntu.com/usn/USN-2665-1

USN-2665-1: Linux kernel (Vivid HWE) vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
http://openwall.com/lists/oss-security/2015/06/05/7

oss-security - Re: CVE Request: Linux Kernel Ozwpan Driver - Remote packet-of-death vulnerabilities
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html

[security-announce] openSUSE-SU-2015:1382-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2015-4003

Products affected by CVE-2015-4003

Exploit prediction scoring system (EPSS) score for CVE-2015-4003

CVSS scores for CVE-2015-4003

CWE ids for CVE-2015-4003

References for CVE-2015-4003