Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2017-AVI-426
Vulnerability from certfr_avis - Published: 2017-11-22 - Updated: 2017-11-22
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 17.10",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-12190",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12190"
},
{
"name": "CVE-2017-12153",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12153"
},
{
"name": "CVE-2017-16527",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16527"
},
{
"name": "CVE-2017-15649",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15649"
},
{
"name": "CVE-2017-16531",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16531"
},
{
"name": "CVE-2017-14954",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14954"
},
{
"name": "CVE-2017-16525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16525"
},
{
"name": "CVE-2017-16530",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16530"
},
{
"name": "CVE-2017-15537",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15537"
},
{
"name": "CVE-2017-12154",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12154"
},
{
"name": "CVE-2017-14489",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14489"
},
{
"name": "CVE-2017-15265",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15265"
},
{
"name": "CVE-2017-12188",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12188"
},
{
"name": "CVE-2017-16534",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16534"
},
{
"name": "CVE-2017-16533",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16533"
},
{
"name": "CVE-2017-1000255",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000255"
},
{
"name": "CVE-2017-16526",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16526"
},
{
"name": "CVE-2017-14156",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14156"
},
{
"name": "CVE-2017-16529",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16529"
},
{
"name": "CVE-2017-12192",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12192"
}
],
"initial_release_date": "2017-11-22T00:00:00",
"last_revision_date": "2017-11-22T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-426",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2017-11-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, un d\u00e9ni de service et une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": "2017-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3488-1",
"url": "https://usn.ubuntu.com/usn/usn-3488-1/"
},
{
"published_at": "2017-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3487-1",
"url": "https://usn.ubuntu.com/usn/usn-3487-1/"
}
]
}
CVE-2017-15537 (GCVE-0-2017-15537)
Vulnerability from cvelistv5 – Published: 2017-10-17 18:00 – Updated: 2024-08-05 19:57
VLAI
EPSS
Summary
The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/torvalds/linux/commit/814fb7bb… | x_refsource_CONFIRM |
| http://www.kernel.org/pub/linux/kernel/v4.x/Chang… | x_refsource_CONFIRM |
| https://source.android.com/security/bulletin/pixe… | x_refsource_CONFIRM |
| http://git.kernel.org/cgit/linux/kernel/git/torva… | x_refsource_CONFIRM |
Date Public
2017-10-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:26.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/814fb7bb7db5433757d76f4c4502c96fc53b0b5e"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/pixel/2018-01-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=814fb7bb7db5433757d76f4c4502c96fc53b0b5e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-12T22:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/814fb7bb7db5433757d76f4c4502c96fc53b0b5e"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/pixel/2018-01-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=814fb7bb7db5433757d76f4c4502c96fc53b0b5e"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/814fb7bb7db5433757d76f4c4502c96fc53b0b5e",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/814fb7bb7db5433757d76f4c4502c96fc53b0b5e"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5"
},
{
"name": "https://source.android.com/security/bulletin/pixel/2018-01-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-01-01"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=814fb7bb7db5433757d76f4c4502c96fc53b0b5e",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=814fb7bb7db5433757d76f4c4502c96fc53b0b5e"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15537",
"datePublished": "2017-10-17T18:00:00.000Z",
"dateReserved": "2017-10-17T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:57:26.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15649 (GCVE-0-2017-15649)
Vulnerability from cvelistv5 – Published: 2017-10-19 22:00 – Updated: 2024-08-05 19:57
VLAI
EPSS
Summary
net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
| URL | Tags |
|---|---|
| http://git.kernel.org/cgit/linux/kernel/git/torva… | x_refsource_MISC |
| https://blogs.securiteam.com/index.php/archives/3484 | x_refsource_MISC |
| http://www.securityfocus.com/bid/101573 | vdb-entryx_refsource_BID |
| https://lists.debian.org/debian-lts-announce/2017… | mailing-listx_refsource_MLIST |
| https://access.redhat.com/errata/RHSA-2018:0181 | vendor-advisoryx_refsource_REDHAT |
| http://patchwork.ozlabs.org/patch/813945/ | x_refsource_MISC |
| https://usn.ubuntu.com/3754-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://access.redhat.com/errata/RHSA-2018:0152 | vendor-advisoryx_refsource_REDHAT |
| http://patchwork.ozlabs.org/patch/818726/ | x_refsource_MISC |
| https://access.redhat.com/errata/RHSA-2018:0151 | vendor-advisoryx_refsource_REDHAT |
| http://git.kernel.org/cgit/linux/kernel/git/torva… | x_refsource_MISC |
| https://github.com/torvalds/linux/commit/4971613c… | x_refsource_MISC |
| http://www.kernel.org/pub/linux/kernel/v4.x/Chang… | x_refsource_MISC |
| https://github.com/torvalds/linux/commit/008ba2a1… | x_refsource_MISC |
Date Public
2017-10-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:27.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=008ba2a13f2d04c947adc536d19debb8fe66f110"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.securiteam.com/index.php/archives/3484"
},
{
"name": "101573",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101573"
},
{
"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
},
{
"name": "RHSA-2018:0181",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0181"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://patchwork.ozlabs.org/patch/813945/"
},
{
"name": "USN-3754-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3754-1/"
},
{
"name": "RHSA-2018:0152",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0152"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://patchwork.ozlabs.org/patch/818726/"
},
{
"name": "RHSA-2018:0151",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0151"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4971613c1639d8e5f102c4e797c3bf8f83a5a69e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/4971613c1639d8e5f102c4e797c3bf8f83a5a69e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/008ba2a13f2d04c947adc536d19debb8fe66f110"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-24T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=008ba2a13f2d04c947adc536d19debb8fe66f110"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.securiteam.com/index.php/archives/3484"
},
{
"name": "101573",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101573"
},
{
"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
},
{
"name": "RHSA-2018:0181",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0181"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://patchwork.ozlabs.org/patch/813945/"
},
{
"name": "USN-3754-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3754-1/"
},
{
"name": "RHSA-2018:0152",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0152"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://patchwork.ozlabs.org/patch/818726/"
},
{
"name": "RHSA-2018:0151",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0151"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4971613c1639d8e5f102c4e797c3bf8f83a5a69e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/4971613c1639d8e5f102c4e797c3bf8f83a5a69e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/008ba2a13f2d04c947adc536d19debb8fe66f110"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=008ba2a13f2d04c947adc536d19debb8fe66f110",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=008ba2a13f2d04c947adc536d19debb8fe66f110"
},
{
"name": "https://blogs.securiteam.com/index.php/archives/3484",
"refsource": "MISC",
"url": "https://blogs.securiteam.com/index.php/archives/3484"
},
{
"name": "101573",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101573"
},
{
"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
},
{
"name": "RHSA-2018:0181",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0181"
},
{
"name": "http://patchwork.ozlabs.org/patch/813945/",
"refsource": "MISC",
"url": "http://patchwork.ozlabs.org/patch/813945/"
},
{
"name": "USN-3754-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3754-1/"
},
{
"name": "RHSA-2018:0152",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0152"
},
{
"name": "http://patchwork.ozlabs.org/patch/818726/",
"refsource": "MISC",
"url": "http://patchwork.ozlabs.org/patch/818726/"
},
{
"name": "RHSA-2018:0151",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0151"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4971613c1639d8e5f102c4e797c3bf8f83a5a69e",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4971613c1639d8e5f102c4e797c3bf8f83a5a69e"
},
{
"name": "https://github.com/torvalds/linux/commit/4971613c1639d8e5f102c4e797c3bf8f83a5a69e",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/4971613c1639d8e5f102c4e797c3bf8f83a5a69e"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6",
"refsource": "MISC",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6"
},
{
"name": "https://github.com/torvalds/linux/commit/008ba2a13f2d04c947adc536d19debb8fe66f110",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/008ba2a13f2d04c947adc536d19debb8fe66f110"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15649",
"datePublished": "2017-10-19T22:00:00.000Z",
"dateReserved": "2017-10-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:57:27.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16525 (GCVE-0-2017-16525)
Vulnerability from cvelistv5 – Published: 2017-11-04 01:00 – Updated: 2024-08-05 20:27
VLAI
EPSS
Summary
The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://lists.debian.org/debian-lts-announce/2017… | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/102028 | vdb-entryx_refsource_BID |
| https://usn.ubuntu.com/3583-2/ | vendor-advisoryx_refsource_UBUNTU |
| https://github.com/torvalds/linux/commit/299d7572… | x_refsource_MISC |
| https://usn.ubuntu.com/3583-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://groups.google.com/d/msg/syzkaller/cMACrmo… | x_refsource_MISC |
| https://github.com/torvalds/linux/commit/bd998c2e… | x_refsource_MISC |
Date Public
2017-11-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:27:03.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
},
{
"name": "102028",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102028"
},
{
"name": "USN-3583-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3583-2/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/299d7572e46f98534033a9e65973f13ad1ce9047"
},
{
"name": "USN-3583-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3583-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/d/msg/syzkaller/cMACrmo1x0k/4KhRoUgABAAJ"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/bd998c2e0df0469707503023d50d46cf0b10c787"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-15T09:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
},
{
"name": "102028",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102028"
},
{
"name": "USN-3583-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3583-2/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/299d7572e46f98534033a9e65973f13ad1ce9047"
},
{
"name": "USN-3583-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3583-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/d/msg/syzkaller/cMACrmo1x0k/4KhRoUgABAAJ"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/bd998c2e0df0469707503023d50d46cf0b10c787"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
},
{
"name": "102028",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102028"
},
{
"name": "USN-3583-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3583-2/"
},
{
"name": "https://github.com/torvalds/linux/commit/299d7572e46f98534033a9e65973f13ad1ce9047",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/299d7572e46f98534033a9e65973f13ad1ce9047"
},
{
"name": "USN-3583-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3583-1/"
},
{
"name": "https://groups.google.com/d/msg/syzkaller/cMACrmo1x0k/4KhRoUgABAAJ",
"refsource": "MISC",
"url": "https://groups.google.com/d/msg/syzkaller/cMACrmo1x0k/4KhRoUgABAAJ"
},
{
"name": "https://github.com/torvalds/linux/commit/bd998c2e0df0469707503023d50d46cf0b10c787",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/bd998c2e0df0469707503023d50d46cf0b10c787"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16525",
"datePublished": "2017-11-04T01:00:00.000Z",
"dateReserved": "2017-11-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:27:03.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16526 (GCVE-0-2017-16526)
Vulnerability from cvelistv5 – Published: 2017-11-04 01:00 – Updated: 2024-08-05 20:27
VLAI
EPSS
Summary
drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.debian.org/security/2018/dsa-4187 | vendor-advisoryx_refsource_DEBIAN |
| https://usn.ubuntu.com/3754-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://groups.google.com/d/msg/syzkaller/zROBxKX… | x_refsource_MISC |
| https://github.com/torvalds/linux/commit/bbf26183… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
Date Public
2017-11-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:27:03.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4187",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"name": "USN-3754-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3754-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/d/msg/syzkaller/zROBxKXzHDk/5I6aZ3O2AgAJ"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/bbf26183b7a6236ba602f4d6a2f7cade35bba043"
},
{
"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-24T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4187",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"name": "USN-3754-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3754-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/d/msg/syzkaller/zROBxKXzHDk/5I6aZ3O2AgAJ"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/bbf26183b7a6236ba602f4d6a2f7cade35bba043"
},
{
"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4187",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"name": "USN-3754-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3754-1/"
},
{
"name": "https://groups.google.com/d/msg/syzkaller/zROBxKXzHDk/5I6aZ3O2AgAJ",
"refsource": "MISC",
"url": "https://groups.google.com/d/msg/syzkaller/zROBxKXzHDk/5I6aZ3O2AgAJ"
},
{
"name": "https://github.com/torvalds/linux/commit/bbf26183b7a6236ba602f4d6a2f7cade35bba043",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/bbf26183b7a6236ba602f4d6a2f7cade35bba043"
},
{
"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16526",
"datePublished": "2017-11-04T01:00:00.000Z",
"dateReserved": "2017-11-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:27:03.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16527 (GCVE-0-2017-16527)
Vulnerability from cvelistv5 – Published: 2017-11-04 01:00 – Updated: 2024-08-05 20:27
VLAI
EPSS
Summary
sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/torvalds/linux/commit/124751d5… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2017… | mailing-listx_refsource_MLIST |
| https://usn.ubuntu.com/3754-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://groups.google.com/d/msg/syzkaller/jf7GTr_… | x_refsource_MISC |
Date Public
2017-11-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:27:03.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/124751d5e63c823092060074bd0abaae61aaa9c4"
},
{
"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
},
{
"name": "USN-3754-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3754-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/d/msg/syzkaller/jf7GTr_g2CU/iVlLhMciCQAJ"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-24T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/124751d5e63c823092060074bd0abaae61aaa9c4"
},
{
"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
},
{
"name": "USN-3754-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3754-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/d/msg/syzkaller/jf7GTr_g2CU/iVlLhMciCQAJ"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/124751d5e63c823092060074bd0abaae61aaa9c4",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/124751d5e63c823092060074bd0abaae61aaa9c4"
},
{
"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
},
{
"name": "USN-3754-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3754-1/"
},
{
"name": "https://groups.google.com/d/msg/syzkaller/jf7GTr_g2CU/iVlLhMciCQAJ",
"refsource": "MISC",
"url": "https://groups.google.com/d/msg/syzkaller/jf7GTr_g2CU/iVlLhMciCQAJ"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16527",
"datePublished": "2017-11-04T01:00:00.000Z",
"dateReserved": "2017-11-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:27:03.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16529 (GCVE-0-2017-16529)
Vulnerability from cvelistv5 – Published: 2017-11-04 01:00 – Updated: 2024-08-05 20:27
VLAI
EPSS
Summary
The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://lists.debian.org/debian-lts-announce/2017… | mailing-listx_refsource_MLIST |
| https://groups.google.com/d/msg/syzkaller/rDzv5RP… | x_refsource_MISC |
| https://usn.ubuntu.com/3754-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://github.com/torvalds/linux/commit/bfc81a8b… | x_refsource_MISC |
| http://www.securityfocus.com/bid/103284 | vdb-entryx_refsource_BID |
Date Public
2017-11-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:27:04.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/d/msg/syzkaller/rDzv5RP_f2M/M5au06qmAwAJ"
},
{
"name": "USN-3754-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3754-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/bfc81a8bc18e3c4ba0cbaa7666ff76be2f998991"
},
{
"name": "103284",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103284"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-24T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/d/msg/syzkaller/rDzv5RP_f2M/M5au06qmAwAJ"
},
{
"name": "USN-3754-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3754-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/bfc81a8bc18e3c4ba0cbaa7666ff76be2f998991"
},
{
"name": "103284",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103284"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
},
{
"name": "https://groups.google.com/d/msg/syzkaller/rDzv5RP_f2M/M5au06qmAwAJ",
"refsource": "MISC",
"url": "https://groups.google.com/d/msg/syzkaller/rDzv5RP_f2M/M5au06qmAwAJ"
},
{
"name": "USN-3754-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3754-1/"
},
{
"name": "https://github.com/torvalds/linux/commit/bfc81a8bc18e3c4ba0cbaa7666ff76be2f998991",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/bfc81a8bc18e3c4ba0cbaa7666ff76be2f998991"
},
{
"name": "103284",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103284"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16529",
"datePublished": "2017-11-04T01:00:00.000Z",
"dateReserved": "2017-11-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:27:04.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16530 (GCVE-0-2017-16530)
Vulnerability from cvelistv5 – Published: 2017-11-04 01:00 – Updated: 2024-08-05 20:27
VLAI
EPSS
Summary
The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to drivers/usb/storage/uas-detect.h and drivers/usb/storage/uas.c.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://groups.google.com/d/msg/syzkaller/pCswO77… | x_refsource_MISC |
| https://github.com/torvalds/linux/commit/786de92b… | x_refsource_MISC |
Date Public
2017-11-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:27:03.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/d/msg/syzkaller/pCswO77gRlM/VHuPOftgAwAJ"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/786de92b3cb26012d3d0f00ee37adf14527f35c4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to drivers/usb/storage/uas-detect.h and drivers/usb/storage/uas.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-04T05:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/d/msg/syzkaller/pCswO77gRlM/VHuPOftgAwAJ"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/786de92b3cb26012d3d0f00ee37adf14527f35c4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to drivers/usb/storage/uas-detect.h and drivers/usb/storage/uas.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/d/msg/syzkaller/pCswO77gRlM/VHuPOftgAwAJ",
"refsource": "MISC",
"url": "https://groups.google.com/d/msg/syzkaller/pCswO77gRlM/VHuPOftgAwAJ"
},
{
"name": "https://github.com/torvalds/linux/commit/786de92b3cb26012d3d0f00ee37adf14527f35c4",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/786de92b3cb26012d3d0f00ee37adf14527f35c4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16530",
"datePublished": "2017-11-04T01:00:00.000Z",
"dateReserved": "2017-11-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:27:03.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16531 (GCVE-0-2017-16531)
Vulnerability from cvelistv5 – Published: 2017-11-04 01:00 – Updated: 2024-08-05 20:27
VLAI
EPSS
Summary
drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://lists.debian.org/debian-lts-announce/2017… | mailing-listx_refsource_MLIST |
| https://usn.ubuntu.com/3754-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://groups.google.com/d/msg/syzkaller/hP6L-m5… | x_refsource_MISC |
| http://www.securityfocus.com/bid/102025 | vdb-entryx_refsource_BID |
| https://github.com/torvalds/linux/commit/bd7a3fe7… | x_refsource_MISC |
| https://www.oracle.com/technetwork/security-advis… | x_refsource_MISC |
Date Public
2017-11-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:27:03.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
},
{
"name": "USN-3754-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3754-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/d/msg/syzkaller/hP6L-m59m_8/Co2ouWeFAwAJ"
},
{
"name": "102025",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102025"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/bd7a3fe770ebd8391d1c7d072ff88e9e76d063eb"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-16T17:40:47.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
},
{
"name": "USN-3754-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3754-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/d/msg/syzkaller/hP6L-m59m_8/Co2ouWeFAwAJ"
},
{
"name": "102025",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102025"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/bd7a3fe770ebd8391d1c7d072ff88e9e76d063eb"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
},
{
"name": "USN-3754-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3754-1/"
},
{
"name": "https://groups.google.com/d/msg/syzkaller/hP6L-m59m_8/Co2ouWeFAwAJ",
"refsource": "MISC",
"url": "https://groups.google.com/d/msg/syzkaller/hP6L-m59m_8/Co2ouWeFAwAJ"
},
{
"name": "102025",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102025"
},
{
"name": "https://github.com/torvalds/linux/commit/bd7a3fe770ebd8391d1c7d072ff88e9e76d063eb",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/bd7a3fe770ebd8391d1c7d072ff88e9e76d063eb"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16531",
"datePublished": "2017-11-04T01:00:00.000Z",
"dateReserved": "2017-11-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:27:03.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16533 (GCVE-0-2017-16533)
Vulnerability from cvelistv5 – Published: 2017-11-04 01:00 – Updated: 2024-08-05 20:27
VLAI
EPSS
Summary
The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://lists.debian.org/debian-lts-announce/2017… | mailing-listx_refsource_MLIST |
| https://github.com/torvalds/linux/commit/f043bfc9… | x_refsource_MISC |
| https://usn.ubuntu.com/3754-1/ | vendor-advisoryx_refsource_UBUNTU |
| http://www.securityfocus.com/bid/102026 | vdb-entryx_refsource_BID |
| https://groups.google.com/d/msg/syzkaller/CxkJ9QZ… | x_refsource_MISC |
Date Public
2017-11-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:27:03.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/f043bfc98c193c284e2cd768fefabe18ac2fed9b"
},
{
"name": "USN-3754-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3754-1/"
},
{
"name": "102026",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102026"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/d/msg/syzkaller/CxkJ9QZgwlM/O3IOvAaGAwAJ"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-24T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/f043bfc98c193c284e2cd768fefabe18ac2fed9b"
},
{
"name": "USN-3754-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3754-1/"
},
{
"name": "102026",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102026"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/d/msg/syzkaller/CxkJ9QZgwlM/O3IOvAaGAwAJ"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
},
{
"name": "https://github.com/torvalds/linux/commit/f043bfc98c193c284e2cd768fefabe18ac2fed9b",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/f043bfc98c193c284e2cd768fefabe18ac2fed9b"
},
{
"name": "USN-3754-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3754-1/"
},
{
"name": "102026",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102026"
},
{
"name": "https://groups.google.com/d/msg/syzkaller/CxkJ9QZgwlM/O3IOvAaGAwAJ",
"refsource": "MISC",
"url": "https://groups.google.com/d/msg/syzkaller/CxkJ9QZgwlM/O3IOvAaGAwAJ"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16533",
"datePublished": "2017-11-04T01:00:00.000Z",
"dateReserved": "2017-11-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:27:03.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16534 (GCVE-0-2017-16534)
Vulnerability from cvelistv5 – Published: 2017-11-04 01:00 – Updated: 2024-08-05 20:27
VLAI
EPSS
Summary
The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://groups.google.com/d/msg/syzkaller/nXnjqI7… | x_refsource_MISC |
| https://github.com/torvalds/linux/commit/2e1c4239… | x_refsource_MISC |
Date Public
2017-11-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:27:04.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2018:0011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/d/msg/syzkaller/nXnjqI73uPo/6sUyq6kqAgAJ"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/2e1c42391ff2556387b3cb6308b24f6f65619feb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-05T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SU-2018:0011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/d/msg/syzkaller/nXnjqI73uPo/6sUyq6kqAgAJ"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/2e1c42391ff2556387b3cb6308b24f6f65619feb"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2018:0011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
},
{
"name": "https://groups.google.com/d/msg/syzkaller/nXnjqI73uPo/6sUyq6kqAgAJ",
"refsource": "MISC",
"url": "https://groups.google.com/d/msg/syzkaller/nXnjqI73uPo/6sUyq6kqAgAJ"
},
{
"name": "https://github.com/torvalds/linux/commit/2e1c42391ff2556387b3cb6308b24f6f65619feb",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/2e1c42391ff2556387b3cb6308b24f6f65619feb"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16534",
"datePublished": "2017-11-04T01:00:00.000Z",
"dateReserved": "2017-11-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:27:04.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…