CVE-2016-2384
Linux Kernel 3.x (Ubuntu 14.04 / Mint 17.3 / Fedora 22) - Double-free usb-midi SMEP Privilege Escalation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.
Vulnerabilidad de liberación doble en la función snd_usbmidi_create en sound/usb/midi.c en el kernel de Linux en versiones anteriores a 4.5 permite a atacantes físicamente próximos causar una denegación de servicio (pánico) o posiblemente tener otro impacto no especificado a través de vectores que implican un descriptor USB inválido.
A flaw was found in the USB-MIDI Linux kernel driver: a double-free error could be triggered for the 'umidi' object. An attacker with physical access to the system could use this flaw to escalate their privileges.
Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-02-14 CVE Reserved
- 2016-02-22 First Exploit
- 2016-03-04 CVE Published
- 2024-08-05 CVE Updated
- 2025-05-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-416: Use After Free
CAPEC
References (41)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/02/14/2 | Mailing List |
|
| http://www.securityfocus.com/bid/83256 | Vdb Entry | |
| http://www.securitytracker.com/id/1035072 | Vdb Entry | |
| https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-2384 | X_refsource_misc |
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/142488 | 2017-05-12 | |
| https://www.exploit-db.com/exploits/41999 | 2016-02-22 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 4.4.8 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.4.8" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Suse Linux Enterprise Real Time Extension Search vendor "Novell" for product "Suse Linux Enterprise Real Time Extension" | 12 Search vendor "Novell" for product "Suse Linux Enterprise Real Time Extension" and version "12" | sp1 |
Affected
| ||||||