CVE-2016-2184
Publication date 27 April 2016
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.
From the Ubuntu Security Team
Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash).
Status
Package | Ubuntu Release | Status |
---|---|---|
linux | ||
16.04 LTS xenial |
Fixed 4.4.0-22.39
|
|
14.04 LTS trusty |
Fixed 3.13.0-86.130
|
|
linux-armadaxp | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-aws | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty |
Not affected
|
|
linux-flo | ||
16.04 LTS xenial | Ignored abandoned | |
14.04 LTS trusty | Not in release | |
linux-gke | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-goldfish | ||
16.04 LTS xenial | Ignored abandoned | |
14.04 LTS trusty | Not in release | |
linux-grouper | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-hwe | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-hwe-edge | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-linaro-omap | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-linaro-shared | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-linaro-vexpress | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-quantal | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-raring | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-saucy | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-trusty | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-utopic | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty |
Fixed 3.16.0-71.91~14.04.1
|
|
linux-lts-vivid | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty |
Fixed 3.19.0-59.65~14.04.1
|
|
linux-lts-wily | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty |
Fixed 4.2.0-36.41~14.04.1
|
|
linux-lts-xenial | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty |
Fixed 4.4.0-22.39~14.04.1
|
|
linux-maguro | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-mako | ||
16.04 LTS xenial | Ignored abandoned | |
14.04 LTS trusty | Not in release | |
linux-manta | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-qcm-msm | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-raspi2 | ||
16.04 LTS xenial |
Fixed 4.4.0-1010.12
|
|
14.04 LTS trusty | Not in release | |
linux-snapdragon | ||
16.04 LTS xenial |
Fixed 4.4.0-1013.14
|
|
14.04 LTS trusty | Not in release | |
linux-ti-omap4 | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
Notes
jdstrand
android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support
Patch details
Package | Patch details |
---|---|
linux |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 4.6 · Medium |
Attack vector | Physical |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-2996-1
- Linux kernel vulnerabilities
- 10 June 2016
- USN-2997-1
- Linux kernel (OMAP4) vulnerabilities
- 10 June 2016
- USN-2971-3
- Linux kernel (Raspberry Pi 2) vulnerabilities
- 9 May 2016
- USN-2971-1
- Linux kernel vulnerabilities
- 9 May 2016
- USN-2965-3
- Linux kernel (Raspberry Pi 2) vulnerabilities
- 6 May 2016
- USN-2970-1
- Linux kernel (Vivid HWE) vulnerabilities
- 9 May 2016
- USN-2965-4
- Linux kernel (Qualcomm Snapdragon) vulnerability
- 6 May 2016
- USN-2965-1
- Linux kernel vulnerabilities
- 6 May 2016
- USN-2968-1
- Linux kernel vulnerabilities
- 9 May 2016
- USN-2968-2
- Linux kernel (Trusty HWE) vulnerabilities
- 9 May 2016
- USN-2971-2
- Linux kernel (Wily HWE) vulnerabilities
- 9 May 2016
- USN-2965-2
- Linux kernel (Xenial HWE) vulnerabilities
- 6 May 2016
- USN-2969-1
- Linux kernel (Utopic HWE) vulnerabilities
- 9 May 2016