CVE-2016-3689

NameCVE-2016-3689
DescriptionThe ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)buster4.19.249-2fixed
buster (security)4.19.269-1fixed
bullseye5.10.158-2fixed
bullseye (security)5.10.162-1fixed
bookworm, sid6.1.8-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcewheezy(not affected)
linuxsourcejessie3.16.36-1
linuxsource(unstable)4.5.1-1

Notes

[wheezy] - linux <not-affected> (Vulnerable code not present)
Upstream fix: https://git.kernel.org/linus/a0ad220c96692eda76b2e3fd7279f3dcd1d8a8ff (v4.6-rc1)
https://bugzilla.suse.com/show_bug.cgi?id=971628
https://bugzilla.redhat.com/show_bug.cgi?id=1320060

Search for package or bug name: Reporting problems