CVE-2015-4002

Published: Jun 7, 2015Modified: May 6, 2026

9.0

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:C

Exploitability: 10.0 / Impact: 8.5

Source: NVD

Description

drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.

Affected (10)

Products: Linux: Linux Kernel · Canonical: Ubuntu Linux · Opensuse: Opensuse

1 product

1 product

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 3.4.109
Linux Linux Kernel	From 3.11 to 3.12.45
Linux Linux Kernel	From 3.13 to 3.14.45
Linux Linux Kernel	From 3.15 to 3.16.35
Linux Linux Kernel	From 3.17 to 3.18.18
Linux Linux Kernel	From 3.19 to 4.0.6
Linux Linux Kernel	From 3.5 to 3.10.81

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 15.10

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 13.2

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (18)

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a59029bc218b48eff8b5d4dde5662fd79d3e1a8

Source: cve@mitre.org

Vendor Advisory

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d114b9fe78c8d6fc6e70808c2092aa307c36dc8e

Source: cve@mitre.org

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://openwall.com/lists/oss-security/2015/06/05/7

Source: cve@mitre.org

Mailing List

http://www.securityfocus.com/bid/74668

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2665-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-2667-1

Source: cve@mitre.org

Third Party Advisory

https://github.com/torvalds/linux/commit/9a59029bc218b48eff8b5d4dde5662fd79d3e1a8

Source: cve@mitre.org

Vendor Advisory

https://github.com/torvalds/linux/commit/d114b9fe78c8d6fc6e70808c2092aa307c36dc8e

Source: cve@mitre.org

Vendor Advisory

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a59029bc218b48eff8b5d4dde5662fd79d3e1a8

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d114b9fe78c8d6fc6e70808c2092aa307c36dc8e

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://openwall.com/lists/oss-security/2015/06/05/7

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://www.securityfocus.com/bid/74668

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2665-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.ubuntu.com/usn/USN-2667-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/torvalds/linux/commit/9a59029bc218b48eff8b5d4dde5662fd79d3e1a8

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://github.com/torvalds/linux/commit/d114b9fe78c8d6fc6e70808c2092aa307c36dc8e

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.