UBUNTU-CVE-2015-7833

Details

The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor.

Affected Packages(26 packages)

linux

Ubuntu 14.04 LTS

Fixed in:

3.13.0-101.148

linux-lts-utopic

Ubuntu 14.04 LTS

Fixed in:

3.16.0-69.89~14.04.1

linux-lts-vivid

Ubuntu 14.04 LTS

Fixed in:

3.19.0-74.82~14.04.1

linux-lts-wily

Ubuntu 14.04 LTS

Fixed in:

4.2.0-35.40~14.04.1

linux-lts-xenial

Ubuntu 14.04 LTS

Fixed in:

4.4.0-22.39~14.04.1

linux

Ubuntu 16.04 LTS

Fixed in:

4.4.0-22.39

linux-raspi2

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1010.12

linux-snapdragon

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1013.14

linux-hwe

Ubuntu 18.04 LTS

Affected versions:

4.18.0-13.14~18.04.14.18.0-14.15~18.04.14.18.0-15.16~18.04.14.18.0-16.17~18.04.14.18.0-17.18~18.04.14.18.0-18.19~18.04.14.18.0-20.21~18.04.14.18.0-21.22~18.04.14.18.0-22.23~18.04.14.18.0-24.25~18.04.1+33 more

linux-hwe-edge

Ubuntu 18.04 LTS

Affected versions:

5.0.0-15.16~18.04.15.0.0-16.17~18.04.15.0.0-17.18~18.04.15.0.0-19.20~18.04.15.0.0-20.21~18.04.15.3.0-19.20~18.04.25.3.0-22.24~18.04.15.3.0-23.25~18.04.15.3.0-23.25~18.04.25.3.0-24.26~18.04.2

References

REPORT

http://seclists.org/bugtraq/2015/Oct/35

REPORT

http://www.os-s.net/advisories/DOS-KernelCrashesOnInvalidUSBDeviceDescriptors-UsbvisionDriver.pdf

REPORT

https://bugzilla.redhat.com/show_bug.cgi?id=1201858

REPORT

https://ubuntu.com/security/CVE-2015-7833

ADVISORY

https://ubuntu.com/security/notices/USN-2929-1

ADVISORY