exploitDog

CVE-2017-16532

Опубликовано: 04 нояб. 2017

Источник: nvd

CVSS3: 6.6

CVSS2: 7.2

EPSS Низкий

Описание

The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.

Ссылки

https://github.com/torvalds/linux/commit/7c80f9e4a588f1925b07134bb2e3689335f6c6d8
Patch
Third Party Advisory
https://groups.google.com/d/msg/syzkaller/l3870gs3LhA/y79DYQdFBAAJ
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
Mailing List
Third Party Advisory
https://usn.ubuntu.com/3617-1/
Third Party Advisory
https://usn.ubuntu.com/3617-2/
Third Party Advisory
https://usn.ubuntu.com/3617-3/
Third Party Advisory
https://usn.ubuntu.com/3619-1/
Third Party Advisory
https://usn.ubuntu.com/3619-2/
Third Party Advisory
https://usn.ubuntu.com/3754-1/
Third Party Advisory
https://github.com/torvalds/linux/commit/7c80f9e4a588f1925b07134bb2e3689335f6c6d8
Patch
Third Party Advisory
https://groups.google.com/d/msg/syzkaller/l3870gs3LhA/y79DYQdFBAAJ
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
Mailing List
Third Party Advisory
https://usn.ubuntu.com/3617-1/
Third Party Advisory
https://usn.ubuntu.com/3617-2/
Third Party Advisory
https://usn.ubuntu.com/3617-3/
Third Party Advisory
https://usn.ubuntu.com/3619-1/
Third Party Advisory
https://usn.ubuntu.com/3619-2/
Third Party Advisory
https://usn.ubuntu.com/3754-1/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия до 3.2.95 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 3.3 (включая) до 3.16.50 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 3.17 (включая) до 3.18.82 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 3.19 (включая) до 4.1.47 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.2 (включая) до 4.4.99 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.5 (включая) до 4.9.63 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.10 (включая) до 4.13.14 (исключая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

EPSS

Процентиль: 24%

0.00079

Низкий

6.6 Medium

CVSS3

7.2 High

CVSS2

Дефекты

CWE-476

Связанные уязвимости

CVE-2017-16532

CVSS3: 6.6

ubuntu

больше 7 лет назад

The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.

CVE-2017-16532

CVSS3: 4.6

redhat

больше 7 лет назад

The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.

CVE-2017-16532

CVSS3: 6.6

debian

больше 7 лет назад

The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux ...

GHSA-rf35-pm73-38q6

CVSS3: 6.6

github

около 3 лет назад

The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.

BDU:2017-02565

CVSS3: 6.6

fstec

больше 7 лет назад

Уязвимость функции get_endpoints ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

EPSS

Процентиль: 24%

0.00079

Низкий

6.6 Medium

CVSS3

7.2 High

CVSS2

Дефекты

CWE-476