CVE-2016-3139
Publication date 27 April 2016
Last updated 25 August 2025
Ubuntu priority
Description
The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| linux | 16.04 LTS xenial |
Not affected
|
| 14.04 LTS trusty |
Not affected
|
|
| linux-armadaxp | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-flo | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-goldfish | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-grouper | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-linaro-omap | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-linaro-shared | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-linaro-vexpress | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-lts-quantal | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-lts-raring | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-lts-saucy | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-lts-trusty | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-lts-utopic | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-lts-vivid | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-lts-wily | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-lts-xenial | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty |
Not affected
|
|
| linux-maguro | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-mako | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-manta | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-qcm-msm | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-raspi2 | 16.04 LTS xenial |
Not affected
|
| 14.04 LTS trusty | Not in release | |
| linux-snapdragon | 16.04 LTS xenial |
Not affected
|
| 14.04 LTS trusty | Not in release | |
| linux-ti-omap4 | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
Notes
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
4.6 · Medium
|
| Attack vector | Physical |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References
Other references
- http://www.openwall.com/lists/oss-security/2016/03/14/5
- http://seclists.org/bugtraq/2016/Mar/60
- http://www.spinics.net/lists/linux-input/msg42294.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1283375
- https://bugzilla.redhat.com/attachment.cgi?id=1099056 (patch)
- https://www.cve.org/CVERecord?id=CVE-2016-3139