{"alias":[],"description":"drivers\/usb\/serial\/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.","epss":{"percentile":"0.06069","score":"0.000210"},"id":"CVE-2016-3137","metrics":{"cvss2":{"ac_insuf_info":0,"access_complexity":"LOW","access_vector":"LOCAL","authentication":"NONE","availability_impact":"COMPLETE","base_score":4.9,"base_severity":"MEDIUM","confidentiality_impact":"NONE","exploitability_score":3.9,"impact_score":6.9,"integrity_impact":"NONE","obtain_all_privilege":0,"obtain_other_privilege":0,"obtain_user_privilege":0,"user_interaction_required":0,"vector_string":"AV:L\/AC:L\/Au:N\/C:N\/I:N\/A:C","version":"2.0"},"cvss3":{"attack_complexity":"LOW","attack_vector":"PHYSICAL","availability_impact":"HIGH","base_score":4.6,"base_severity":"MEDIUM","confidentiality_impact":"NONE","exploitability_score":0.9,"impact_score":3.6,"integrity_impact":"NONE","privileges_required":"NONE","scope":"UNCHANGED","user_interaction":"NONE","vector_string":"CVSS:3.0\/AV:P\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","version":"3.0"}},"modified":"2026-05-06T22:30:45","nvd_status":"Modified","published":"2016-05-02T10:59:36","score":4.6,"severity":"MEDIUM","source":"security@opentext.com","status":"PUBLISHED","weaknesses":[]}