Vulnerability Details : CVE-2016-5829
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2016-5829
- cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-5829
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 8 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-5829
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2016-5829
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-5829
-
http://www.ubuntu.com/usn/USN-3072-1
USN-3072-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html
[security-announce] SUSE-SU-2016:2174-1: important: Security update forThird Party Advisory
-
http://www.ubuntu.com/usn/USN-3071-1
USN-3071-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.ubuntu.com/usn/USN-3072-2
USN-3072-2: Linux kernel (OMAP4) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://github.com/torvalds/linux/commit/93a2001bdfd5376c3dc2158653034c20392d15c5
HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES com… · torvalds/linux@93a2001 · GitHubVendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00049.html
[security-announce] SUSE-SU-2016:2175-1: important: Security update forMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html
[security-announce] SUSE-SU-2016:2178-1: important: Security update forMailing List;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-2574.html
RHSA-2016:2574 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.ubuntu.com/usn/USN-3070-1
USN-3070-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93a2001bdfd5376c3dc2158653034c20392d15c5
kernel/git/torvalds/linux.git - Linux kernel source treeVendor Advisory
-
http://www.ubuntu.com/usn/USN-3070-4
USN-3070-4: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
Oracle VM Server for x86 Bulletin - October 2016Third Party Advisory
-
http://www.ubuntu.com/usn/USN-3071-2
USN-3071-2: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
Oracle Linux Bulletin - October 2016Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html
[security-announce] SUSE-SU-2016:2177-1: important: Security update forMailing List;Third Party Advisory
-
http://www.ubuntu.com/usn/USN-3070-2
USN-3070-2: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html
[security-announce] SUSE-SU-2016:1937-1: important: Security update forMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html
[security-announce] SUSE-SU-2016:2018-1: important: Security update forMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html
[security-announce] SUSE-SU-2016:2180-1: important: Security update forMailing List;Third Party Advisory
-
http://www.ubuntu.com/usn/USN-3070-3
USN-3070-3: Linux kernel (Qualcomm Snapdragon) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2016/06/26/2
oss-security - Re: CVE Request: Linux kernel HID: hiddev buffer overflowsMailing List;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-2006.html
RHSA-2016:2006 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html
[security-announce] SUSE-SU-2016:2105-1: important: Security update forMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html
[security-announce] SUSE-SU-2016:1985-1: important: Security update forMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html
[security-announce] SUSE-SU-2016:2179-1: important: Security update forMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html
[security-announce] openSUSE-SU-2016:2184-1: important: Security updateMailing List;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-2584.html
RHSA-2016:2584 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.debian.org/security/2016/dsa-3616
Debian -- Security Information -- DSA-3616-1 linuxThird Party Advisory
-
http://www.securityfocus.com/bid/91450
Linux Kernel 'usbhid/hiddev.c' Local Heap Buffer Overflow VulnerabilityThird Party Advisory;VDB Entry
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html
[security-announce] SUSE-SU-2016:2181-1: important: Security update forMailing List;Third Party Advisory
Jump to