CVE-2016-2384 describes an interesting vulnerability in the usb-midi Linux kernel driver. There is an extensive blog post on xairy’s GitHub blog. The exploit can be used either for DoS (you’ll need physical access) or to execute code (you’ll need both physical and local access).

CVE-2016-2384 CVSS v2

Base Score: 4.7
Base Metrics: AV:L/AC:M/Au:N/C:N/I:N/A:C
Access Vector: Local
Access Complexity: Medium
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Complete

Further Information

Thanks to Andrey Konovalov @andreyknvl for submitting this via the Telegram IT Security Alert submission page. This news entry has been posted to our IT Security Alert Telegram channel.