Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-15102

Опубликовано: 19 сент. 2016
Источник: redhat
CVSS3: 6.3

Описание

The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference.

Отчет

This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2, as this flaw was fixed in 7.4 release.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelWill not fix
Red Hat Enterprise Linux 6kernelWill not fix
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise MRG 2realtime-kernelNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1505905kernel: NULL pointer dereference due to race condition in probe function of legousbtower driver

6.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-15102

CVSS3: 6.3
ubuntu
больше 7 лет назад

The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference.

nvd логотип

CVE-2017-15102

CVSS3: 6.3
nvd
больше 7 лет назад

The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference.

debian логотип

CVE-2017-15102

CVSS3: 6.3
debian
больше 7 лет назад

The tower_probe function in drivers/usb/misc/legousbtower.c in the Lin ...

github логотип

GHSA-484w-4xhh-mhmf

CVSS3: 6.3
github
около 3 лет назад

The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference.

oracle-oval логотип

ELSA-2019-4854

oracle-oval
больше 5 лет назад

ELSA-2019-4854: Unbreakable Enterprise kernel security update (IMPORTANT)

6.3 Medium

CVSS3