#VU91383 Division by zero in Linux kernel - CVE-2015-4003

Cybersecurity Help s.r.o.

Published: 2015-06-08 | Updated: 2023-01-20

Vulnerability identifier: #VU91383

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2015-4003

CWE-ID: CWE-369

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the oz_usb_handle_ep_data() function in drivers/staging/ozwpan/ozusbsvc1.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://openwall.com/lists/oss-security/2015/06/05/7
https://github.com/torvalds/linux/commit/04bf464a5dfd9ade0dda918e44366c2c61fce80b
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04bf464a5dfd9ade0dda918e44366c2c61fce80b
https://www.securityfocus.com/bid/74668
https://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html
https://www.ubuntu.com/usn/USN-2667-1
https://www.ubuntu.com/usn/USN-2665-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Division by zero in Linux kernel staging ozwpan driver