SecurityTracker.com

Category:   OS (Linux)  >   Linux Kernel
Vendors:   kernel.org
Linux Kernel Double-Free Memory Error in usb-midi Driver Lets Physically Local Users Crash the System or Execute Arbitrary Code
SecurityTracker Alert ID:  1035072
SecurityTracker URL:  http://securitytracker.com/id/1035072
CVE Reference:   CVE-2016-2384
Date:  Feb 23 2016
Impact:   Denial of service via local system, Execution of arbitrary code via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  

Description:   A vulnerability was reported in the Linux kernel. A physically local user can cause denial of service conditions or execute arbitrary code on the target system.

A physically local user can connect a USB device to the target system to trigger a double-free memory error and cause the kernel to crash or potentially execute arbitrary code.

The vulnerability was discovered using KASAN and vUSBf.

The original advisory and demonstration exploit are available at:

https://xairy.github.io/blog/2016/cve-2016-2384

Andrey Konovalov reported this vulnerability.

Impact:   A physically local user can execute arbitrary code on the target system with kernel-level privileges.

A physically local user can cause the target system to crash.

Solution:   The vendor has issued a source code fix, available at:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=07d86ca93db7e5cdf4743564d98292042ec21af7

Vendor URL:  www.kernel.org/
Cause:   Access control error

Message History:   This archive entry has one or more follow-up message(s) listed below.
Mar 15 2016 (Ubuntu Issues Fix) Linux Kernel Double-Free Memory Error in usb-midi Driver Lets Physically Local Users Crash the System or Execute Arbitrary Code
Ubuntu has issued a fix for Ubuntu Linux 12.04 LTS.
Nov 4 2016 (Red Hat Issues Fix) Linux Kernel Double-Free Memory Error in usb-midi Driver Lets Physically Local Users Crash the System or Execute Arbitrary Code
Red Hat has issued a fix for Red Hat Enterprise Linux 7.
Mar 21 2017 (Red Hat Issues Fix) Linux Kernel Double-Free Memory Error in usb-midi Driver Lets Physically Local Users Crash the System or Execute Arbitrary Code
Red Hat has issued a fix for Red Hat Enterprise Linux 6.


