CVE-2016-2384: arbitrary code execution due to a double-free in the usb-midi linux kernel driver


CVE-2016-2384 describes an interesting vulnerability in the usb-midi Linux kernel driver. There is an extensive blog post on xairy’s GitHub blog. The exploit can be used either for denial of service (DoS), which requires physical access, or to execute code, which requires both physical and local access.

CVE-2016-2384 CVSS v2

Base Score: 4.7
Base Metrics: AV:L/AC:M/Au:N/C:N/I:N/A:C
Access Vector: Local
Access Complexity: Medium
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Complete

Further Information

Thanks to Andrey Konovalov (@andreyknvl) for submitting this via the Telegram IT Security Alert submission page. This news entry has been posted to our IT Security Alert Telegram channel.