Vulnerability Details : CVE-2016-3955
The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2016-3955
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Threat overview for CVE-2016-3955
Top open port discovered on systems with this issue: 49152
IPs affected by CVE-2016-3955: 29,330
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2016-3955
EPSS score: 2.96% (probability of exploitation activity in the next 30 days)
Percentile: ~91% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2016-3955
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2016-3955
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-3955
- https://bugzilla.redhat.com/show_bug.cgi?id=1328478
  1328478 – (CVE-2016-3955) CVE-2016-3955 Kernel: usbip: buffer overflow by trusting length of incoming packets [Issue Tracking; Third Party Advisory]
- http://www.ubuntu.com/usn/USN-2989-1
  USN-2989-1: Linux kernel vulnerabilities | Ubuntu security notices [Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2016/04/19/1
  oss-security - CVE Request: Linux kernel: remote buffer overflow in usbip [Mailing List; Third Party Advisory]
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3
  [Vendor Advisory]
- http://www.ubuntu.com/usn/USN-3001-1
  USN-3001-1: Linux kernel (Vivid HWE) vulnerabilities | Ubuntu security notices [Third Party Advisory]
- http://www.ubuntu.com/usn/USN-2996-1
  USN-2996-1: Linux kernel vulnerabilities | Ubuntu security notices [Third Party Advisory]
- https://github.com/torvalds/linux/commit/b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb
  USB: usbip: fix potential out-of-bounds write · torvalds/linux@b348d7d · GitHub [Patch; Vendor Advisory]
- http://www.ubuntu.com/usn/USN-2998-1
  USN-2998-1: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu security notices [Third Party Advisory]
- http://www.ubuntu.com/usn/USN-3000-1
  USN-3000-1: Linux kernel (Utopic HWE) vulnerabilities | Ubuntu security notices [Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html
  [security-announce] openSUSE-SU-2016:1641-1: important: Security update [Mailing List; Third Party Advisory]
- http://www.ubuntu.com/usn/USN-3002-1
  USN-3002-1: Linux kernel (Wily HWE) vulnerabilities | Ubuntu security notices [Third Party Advisory]
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb
  kernel/git/torvalds/linux.git - Linux kernel source tree [Vendor Advisory]
- http://www.ubuntu.com/usn/USN-3003-1
  USN-3003-1: Linux kernel vulnerabilities | Ubuntu security notices [Third Party Advisory]
- http://www.ubuntu.com/usn/USN-2997-1
  USN-2997-1: Linux kernel (OMAP4) vulnerabilities | Ubuntu security notices [Third Party Advisory]
- http://www.ubuntu.com/usn/USN-3004-1
  USN-3004-1: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu security notices [Third Party Advisory]
- http://www.securityfocus.com/bid/86534
  Linux Kernel 'usbip/usbip_common.c' Remote Buffer Overflow Vulnerability [Third Party Advisory; VDB Entry]
- http://www.debian.org/security/2016/dsa-3607
  Debian -- Security Information -- DSA-3607-1 linux [Third Party Advisory]