Detections
Analytics
Multiple Kernel Versions with Multiple Vulnerabilities
medium Log Correlation Engine Plugin ID 802014
Synopsis
The specific Linux kernel that the system is running is reportedly affected by multiple vulnerabilities.Description
The following vulnerabilities affect kernel versions that fall below the following on the same branch.Kernel 4.4.7
Kernel 3.14.66
Kernel 4.5.1
Kernel 3.12.58
Kernel 3.18.32
Kernel 4.1.23
Kernel 3.2.80
Kernel 3.10.102
The specific Linux kernel version that the system is running is reportedly affected by the following vulnerabilities:
- Linux Kernel contains a flaw in the cypress_m8 driver that is triggered during the handling of a specially crafted USB device. This may allow a physically present attacker to crash the system. (CVE-2016-3137)
- Linux Kernel contains a flaw in the mct_u232_m8 driver that is triggered during the handling of a specially crafted USB device. This may allow a physically present attacker to crash the system. (CVE-2016-3136)
Solution
It has been reported that this has been fixed. Please refer to the product listing for upgraded versions that address this vulnerability.See Also
https://bugzilla.redhat.com/show_bug.cgi?id=1316996
https://bugzilla.redhat.com/show_bug.cgi?id=1283368
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.66
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.7
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.58
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.32
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.23
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.80
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.102
https://www.suse.com/support/update/announcement/2016/suse-su-20161203-1.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00000.html
http://www.ubuntu.com/usn/usn-2965-1/
http://www.ubuntu.com/usn/usn-2965-2/
http://www.ubuntu.com/usn/usn-2965-3/
http://www.ubuntu.com/usn/usn-2965-4/
http://www.ubuntu.com/usn/usn-2968-1/
http://www.ubuntu.com/usn/usn-2968-2/
http://www.ubuntu.com/usn/usn-2970-1/
http://www.ubuntu.com/usn/usn-2971-2/
http://www.ubuntu.com/usn/usn-2971-1/
http://www.ubuntu.com/usn/usn-2971-3/
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html
http://pivotal.io/security/usn-2970-1
http://www.ubuntu.com/usn/usn-2996-1/
www.ubuntu.com/usn/usn-2997-1/
www.ubuntu.com/usn/usn-2998-1/
http://www.ubuntu.com/usn/usn-3000-1/
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html
https://www.debian.org/security/2016/dsa-3607
http://seclists.org/oss-sec/2016/q1/604
http://seclists.org/bugtraq/2016/Mar/55
http://seclists.org/bugtraq/2016/Jun/105
https://os-s.net/advisories/OSS-2016-07_cypress_m8.pdf
https://bugzilla.redhat.com/show_bug.cgi?id=1317007
https://bugzilla.redhat.com/show_bug.cgi?id=1283370
http://seclists.org/oss-sec/2016/q1/603
Plugin Details
Severity: Medium
ID: 802014
Family: Operating System Detection
Published: 8/29/2016
Vulnerability Information
Patch Publication Date: 4/12/2016
Vulnerability Publication Date: 3/9/2016
Reference Information
CVE: CVE-2016-3136, CVE-2016-3137