Vulnerability Details : CVE-2015-7833
The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor.
Vulnerability category: Denial of service
Products affected by CVE-2015-7833
- cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-7833
0.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 56 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-7833
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
3.9
|
6.9
|
NIST |
CWE ids for CVE-2015-7833
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-7833
-
http://www.ubuntu.com/usn/USN-2948-1
USN-2948-1: Linux kernel (Utopic HWE) vulnerabilities | Ubuntu security notices
-
https://bugzilla.redhat.com/show_bug.cgi?id=1201858
Bug Access DeniedIssue Tracking
-
http://www.ubuntu.com/usn/USN-2932-1
USN-2932-1: Linux kernel (Vivid HWE) vulnerabilities | Ubuntu security notices
-
http://www.os-s.net/advisories/DOS-KernelCrashesOnInvalidUSBDeviceDescriptors-UsbvisionDriver.pdf
Exploit
-
http://www.ubuntu.com/usn/USN-2947-3
USN-2947-3: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu security notices
-
http://www.ubuntu.com/usn/USN-2967-2
USN-2967-2: Linux kernel (OMAP4) vulnerabilities | Ubuntu security notices
-
http://www.ubuntu.com/usn/USN-2929-2
USN-2929-2: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu security notices
-
http://www.ubuntu.com/usn/USN-2929-1
USN-2929-1: Linux kernel vulnerabilities | Ubuntu security notices
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html
[security-announce] SUSE-SU-2016:1937-1: important: Security update forThird Party Advisory
-
http://www.securityfocus.com/bid/77030
Red Hat Enterprise Linux 'USB Device Descriptor' Local Denial of Service Vulnerability
-
http://www.ubuntu.com/usn/USN-2947-2
USN-2947-2: Linux kernel (Wily HWE) vulnerabilities | Ubuntu security notices
-
http://www.debian.org/security/2015/dsa-3396
Debian -- Security Information -- DSA-3396-1 linux
-
http://www.ubuntu.com/usn/USN-2947-1
USN-2947-1: Linux kernel vulnerabilities | Ubuntu security notices
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html
[security-announce] SUSE-SU-2016:2105-1: important: Security update for
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html
[security-announce] SUSE-SU-2016:1985-1: important: Security update for
-
http://www.securitytracker.com/id/1034452
Red Hat Enterprise Linux Kernel usbvision Driver Bug Lets Local Users Cause Denial of Service Conditions on the Target System - SecurityTracker
-
http://www.securityfocus.com/archive/1/536629
SecurityFocusExploit;Third Party Advisory;VDB Entry
-
http://www.debian.org/security/2015/dsa-3426
Debian -- Security Information -- DSA-3426-1 linux
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html
[security-announce] openSUSE-SU-2016:2184-1: important: Security update
-
http://www.ubuntu.com/usn/USN-2948-2
USN-2948-2: Linux kernel (Utopic HWE) regression | Ubuntu security notices
-
http://www.ubuntu.com/usn/USN-2967-1
USN-2967-1: Linux kernel vulnerabilities | Ubuntu security notices
Jump to