OVAL Reference oval:com.ubuntu.xenial:def:201631370000000

Oval Definition:

oval:com.ubuntu.xenial:def:201631370000000

Revision Date:	2016-05-02	Version:	1
Title:	CVE-2016-3137 on Ubuntu 16.04 LTS (xenial) - low.
Description:	drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions. Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the Cypress M8 USB device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash).
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2016-3137
Platform(s):	Ubuntu 16.04 LTS	Product(s):
Definition Synopsis
Ubuntu 16.04 LTS (xenial) is installed. AND Package Information linux package in xenial was vulnerable but has been fixed (note: '4.4.0-22.39'). OR linux-aws package in xenial, is related to the CVE in some way and has been fixed (note: '4.4.0-1001.10'). OR linux-flo: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'abandoned'). OR linux-gke package in xenial, is related to the CVE in some way and has been fixed (note: '4.4.0-1003.3'). OR linux-goldfish: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'abandoned'). OR linux-hwe package in xenial, is related to the CVE in some way and has been fixed (note: '4.8.0-36.36~16.04.1'). OR linux-mako: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'abandoned'). OR linux-meta package in xenial was vulnerable but has been fixed (note: '4.4.0-22.39'). OR linux-meta-aws package in xenial, is related to the CVE in some way and has been fixed (note: '4.4.0-1001.10'). OR linux-meta-hwe package in xenial, is related to the CVE in some way and has been fixed (note: '4.8.0-36.36~16.04.1'). OR linux-meta-raspi2 package in xenial was vulnerable but has been fixed (note: '4.4.0-1010.12'). OR linux-meta-snapdragon package in xenial was vulnerable but has been fixed (note: '4.4.0-1013.14'). OR linux-raspi2 package in xenial was vulnerable but has been fixed (note: '4.4.0-1010.12'). OR linux-signed package in xenial was vulnerable but has been fixed (note: '4.4.0-22.39'). OR linux-signed-hwe package in xenial, is related to the CVE in some way and has been fixed (note: '4.8.0-36.36~16.04.1'). OR linux-snapdragon package in xenial was vulnerable but has been fixed (note: '4.4.0-1013.14').

BACK