CVE-2016-2782

medium

Published 2016-04-27 · Modified 2026-05-06

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

4.6

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4 NEW

—

not yet in upstream

VIR risk

5.6

Description

The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.

Predictions

Exploit likelihood

66%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Debian Security Tracker · View original ↗ · DFSG

CVE-2016-2782 NameCVE-2016-2782 DescriptionThe treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint. SourceCVE (at NVD; CERT, ENISA, LWN,…

CVE-2016-2782

Name	CVE-2016-2782
Description	The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
linux (PTS)	bullseye	5.10.223-1	fixed
	bullseye (security)	5.10.257-1	fixed
	bookworm	6.1.170-3	fixed
	bookworm (security)	6.1.172-1	fixed
	trixie	6.12.86-1	fixed
	trixie (security)	6.12.90-1	fixed
	forky	7.0.9-1	fixed
	sid	7.0.10-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version
linux	source	wheezy	3.2.78-1
linux	source	jessie	3.16.7-ckt25-1
linux	source	(unstable)	4.4.2-1
linux-2.6	source	(unstable)	(unfixed)

Notes

Upstream commit: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0 (v4.5-rc2)

Home - Debian Security - Source (Git)

Apply commands

text fix

Notes

Upstream commit: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0 (v4.5-rc2)

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-39539 dos linux

OpenSource Security · 2016-03-09

Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - visor 'treo_attach' Nullpointer Dereference

Source code queued for fetch — refresh in a moment.

OS impact

OS	Version	Status	Fixed in
debian	bookworm	fixed	`4.4.2-1`
debian	bullseye	fixed	`4.4.2-1`
debian	forky	fixed	`4.4.2-1`
debian	sid	fixed	`4.4.2-1`
debian	trixie	fixed	`4.4.2-1`
suse	12	affected
suse	11	affected
linux-kernel		affected	`4.5.0`
linux-kernel	4.5.0	affected

Application impact

Vendor	Product	Versions	Fixed
suse	linux_enterprise_debuginfo	`11`
suse	linux_enterprise_module_for_public_cloud	`12`

References

CWEs

CWE-476

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.