Vulnerability Name: CVE-2016-3955 (CCN-114791)

Assigned: 2016-05-06
Published: 2016-05-06
Updated: 2022-11-03
Summary: The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet.
CVSS v3 Severity: 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type: CWE-119
Vulnerability Consequences: Denial of Service
References:

Source: MITRE
Type: CNA
CVE-2016-3955

Source: CCN
Type: Linux Kernel GIT Repository
USB: usbip: fix potential out-of-bounds write

Source: CONFIRM
Type: Vendor Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2016:1641

Source: DEBIAN
Type: Third Party Advisory
DSA-3607

Source: CONFIRM
Type: Vendor Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20160419 CVE Request: Linux kernel: remote buffer overflow in usbip

Source: BID
Type: Third Party Advisory, VDB Entry
86534

Source: UBUNTU
Type: Third Party Advisory
USN-2989-1

Source: UBUNTU
Type: Third Party Advisory
USN-2996-1

Source: UBUNTU
Type: Third Party Advisory
USN-2997-1

Source: UBUNTU
Type: Third Party Advisory
USN-2998-1

Source: UBUNTU
Type: Third Party Advisory
USN-3000-1

Source: UBUNTU
Type: Third Party Advisory
USN-3001-1

Source: UBUNTU
Type: Third Party Advisory
USN-3002-1

Source: UBUNTU
Type: Third Party Advisory
USN-3003-1

Source: UBUNTU
Type: Third Party Advisory
USN-3004-1

Source: CCN
Type: Red Hat Bugzilla – Bug 1328478
(CVE-2016-3955) CVE-2016-3955 Kernel: usbip: buffer overflow by trusting length of incoming packets

Source: CONFIRM
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1328478

Source: XF
Type: UNKNOWN
linux-kernel-cve20163955-dos(114791)

Source: CONFIRM
Type: Patch, Vendor Advisory
https://github.com/torvalds/linux/commit/b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb

Vulnerable Configuration:

Configuration 1:
  • cpe:/o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*

Configuration 2:
  • cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version >= 3.11 and < 3.12.59)
  • OR cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version >= 3.17 and < 3.18.37)
  • OR cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version >= 3.19 and < 4.1.28)
  • OR cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version < 3.2.80)
  • OR cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version >= 3.3 and < 3.10.102)
  • OR cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version >= 3.13 and < 3.14.68)
  • OR cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version >= 4.2 and < 4.4.9)
  • OR cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version >= 4.5 and < 4.5.3)

Configuration 3:
  • cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:4.5.2:*:*:*:*:*:*:*

* Denotes that component is vulnerable

OVAL Definitions:
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20163955
    V
    CVE-2016-3955
    2022-05-22
    oval:org.opensuse.security:def:30162
    P
    Security update for glib-networking (Important)
    2021-12-13
    oval:org.opensuse.security:def:30282
    P
    Security update for glib-networking (Important)
    2021-12-13
    oval:org.opensuse.security:def:30281
    P
    Security update for MozillaFirefox (Important)
    2021-12-12
    oval:org.opensuse.security:def:30266
    P
    Security update for samba (Important)
    2021-11-16
    oval:org.opensuse.security:def:33971
    P
    Security update for openssl-1_0_0 (Low)
    2021-09-09
    oval:org.opensuse.security:def:33972
    P
    Security update for openssl-1_1 (Low)
    2021-09-09
    oval:org.opensuse.security:def:30233
    P
    Security update for fetchmail (Moderate)
    2021-08-18
    oval:org.opensuse.security:def:30232
    P
    Security update for MozillaFirefox (Important)
    2021-08-17
    oval:org.opensuse.security:def:33956
    P
    Security update for libcares2 (Important)
    2021-08-16
    oval:org.opensuse.security:def:33682
    P
    Security update for arpwatch (Important)
    2021-06-28
    oval:org.opensuse.security:def:33683
    P
    Security update for libsolv (Important)
    2021-06-28
    oval:org.opensuse.security:def:30217
    P
    Security update for libnettle (Important)
    2021-06-23
    oval:org.opensuse.security:def:33667
    P
    Security update for spice (Important)
    2021-06-08
    oval:org.opensuse.security:def:33915
    P
    Security update for djvulibre (Important)
    2021-05-31
    oval:org.opensuse.security:def:34433
    P
    Security update for djvulibre (Important)
    2021-05-19
    oval:org.opensuse.security:def:34432
    P
    Security update for python3 (Important)
    2021-05-17
    oval:org.opensuse.security:def:33899
    P
    Security update for permissions (Important)
    2021-04-29
    oval:org.opensuse.security:def:30177
    P
    Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important)
    2021-04-12
    oval:org.opensuse.security:def:30178
    P
    Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP2) (Important)
    2021-04-12
    oval:org.opensuse.security:def:34045
    P
    Security update for nghttp2 (Important)
    2021-03-24
    oval:org.opensuse.security:def:30025
    P
    Security update for screen (Important)
    2021-02-17
    oval:org.opensuse.security:def:30024
    P
    Security update for jasper (Important)
    2021-02-16
    oval:org.opensuse.security:def:34417
    P
    Security update for the Linux Kernel (Important)
    2021-01-15
    oval:org.opensuse.security:def:30009
    P
    Security update for openssh (Moderate)
    2021-01-05
    oval:org.opensuse.security:def:33914
    P
    Security update for dovecot22 (Important)
    2021-01-04
    oval:org.opensuse.security:def:34324
    P
    Security update for python-cryptography (Moderate)
    2020-12-04
    oval:org.opensuse.security:def:34325
    P
    Security update for postgresql12 (Important)
    2020-12-04
    oval:org.opensuse.security:def:29590
    P
    Security update for apport (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28101
    P
    Security update for git (Important)
    2020-12-01
    oval:org.opensuse.security:def:34348
    P
    Security update for strongswan
    2020-12-01
    oval:org.opensuse.security:def:29563
    P
    Security update for OpenEXR (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28017
    P
    Security update for avahi (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:34309
    P
    Security update for radvd
    2020-12-01
    oval:org.opensuse.security:def:31043
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:29562
    P
    Recommended update for NetworkManager-kde4 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27960
    P
    Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:34260
    P
    Security update for postgresql94 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31006
    P
    Security update for java-1_6_0-ibm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27878
    P
    Security update for rubygem-actionpack-2_1
    2020-12-01
    oval:org.opensuse.security:def:34202
    P
    Security update for perl-Archive-Zip (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:30368
    P
    Security update for wireshark (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27750
    P
    Security update for gd
    2020-12-01
    oval:org.opensuse.security:def:30324
    P
    Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27686
    P
    Security update for xorg-x11-libX11
    2020-12-01
    oval:org.opensuse.security:def:30305
    P
    Security update for system-config-printer (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:35110
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:33587
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:35070
    P
    Security update for java-1_7_0-ibm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33803
    P
    Security update for gd (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:34388
    P
    Security update for tomcat6 (Important)
    2020-12-01
    oval:org.opensuse.security:def:33584
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:34363
    P
    Security update for tcpdump (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29579
    P
    Security update for apache2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29923
    P
    Security update for libexif (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31058
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:29577
    P
    Security update for apache2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29866
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:34275
    P
    Security update for python (Important)
    2020-12-01
    oval:org.opensuse.security:def:31021
    P
    Security update for java-1_7_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:29779
    P
    Security update for gnutls (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:34217
    P
    Security update for php5 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:30383
    P
    Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:29647
    P
    Security update for curl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:34060
    P
    Security update for libxcrypt
    2020-12-01
    oval:org.opensuse.security:def:30339
    P
    Security update for unrar (Important)
    2020-12-01
    oval:org.opensuse.security:def:29574
    P
    Security update for Apache2
    2020-12-01
    oval:org.opensuse.security:def:30320
    P
    Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:35111
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:33588
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:35071
    P
    Security update for java-1_7_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:33818
    P
    Security update for glibc (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:34389
    P
    Security update for transfig (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33599
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:34364
    P
    Security update for tcpdump (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33573
    P
    Security update for LibVNCServer (Important)
    2020-12-01
    oval:org.opensuse.security:def:29938
    P
    Security update for libksba
    2020-12-01
    oval:org.opensuse.security:def:31059
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:29578
    P
    Security update for apache2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29881
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:34276
    P
    Security update for python (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31022
    P
    Security update for java-1_7_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:29794
    P
    Security update for guile (Low)
    2020-12-01
    oval:org.opensuse.security:def:34218
    P
    Security update for php5 (Important)
    2020-12-01
    oval:org.opensuse.security:def:30384
    P
    Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:29662
    P
    Security update for CVS
    2020-12-01
    oval:org.opensuse.security:def:34061
    P
    Security update for libxml2
    2020-12-01
    oval:org.opensuse.security:def:30340
    P
    Security update for unrar (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29589
    P
    Security update for apache2-mod_python
    2020-12-01
    oval:org.opensuse.security:def:30321
    P
    Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27675
    P
    Security update for telepathy-gabble
    2020-12-01
    oval:org.opensuse.security:def:29125
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:27674
    P
    Security update for subversion
    2020-12-01
    oval:org.opensuse.security:def:33819
    P
    Security update for glibc (Important)
    2020-12-01
    oval:org.opensuse.security:def:29090
    P
    Security update for gdb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28452
    P
    Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:33600
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:28408
    P
    Security update for subversion (Important)
    2020-12-01
    oval:org.opensuse.security:def:33589
    P
    Security update for MozillaFirefox (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29939
    P
    Security update for libksba (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28393
    P
    Security update for samba (Important)
    2020-12-01
    oval:org.opensuse.security:def:35095
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:33572
    P
    Security update for LibVNCServer (Critical)
    2020-12-01
    oval:org.opensuse.security:def:29882
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:28354
    P
    Security update for pidgin (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:35055
    P
    Security update for java-1_6_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:29795
    P
    Security update for okular
    2020-12-01
    oval:org.opensuse.security:def:28305
    P
    Security update for ocaml (Important)
    2020-12-01
    oval:org.opensuse.security:def:29663
    P
    Security update for cvs (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28252
    P
    Security update for libxml2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:34373
    P
    Security update for tiff (Moderate)
    2020-12-01
    oval:org.cisecurity:def:954
    P
    DSA-3607-1 -- linux -- security update
    2016-08-12
    oval:com.ubuntu.precise:def:20163955000
    V
    CVE-2016-3955 on Ubuntu 12.04 LTS (precise) - medium.
    2016-07-03
    oval:com.ubuntu.trusty:def:20163955000
    V
    CVE-2016-3955 on Ubuntu 14.04 LTS (trusty) - medium.
    2016-07-03
    oval:com.ubuntu.xenial:def:201639550000000
    V
    CVE-2016-3955 on Ubuntu 16.04 LTS (xenial) - medium.
    2016-07-03
    oval:com.ubuntu.xenial:def:20163955000
    V
    CVE-2016-3955 on Ubuntu 16.04 LTS (xenial) - medium.
    2016-07-03