suse · CVE-2016-3140

Quick triage

Priority: medium Published: 2021-05-30 13:40:27 UTC Updated: 2025-05-17 23:59:44 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2016-3140 severity moderate: SUSE including 225 source package names (kernel-bigsmp-3.0.101-0.47.79.1, kernel-bigsmp-base-3.0.101-0.47.79.1, …), 542 product×package rows across 81 product lines (HPE Helion OpenStack 8, SUSE Enterprise Storage 7.1, … (81 product lines)): Fixed 352, Known Not Affected 190.

Description:

The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

cvelogic Threat Intelligence