Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-16911

Опубликовано: 31 янв. 2018
Источник: redhat
CVSS3: 3.3
EPSS Низкий

Описание

The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP.

The usbip/vhci_sysfs.c:port_show_vhci() in the vhci_hcd driver of the Linux kernel, before version 4.14.8 and 4.4.114, allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP.

Отчет

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, and 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE, as the code with the flaw is not enabled and is not built in the products listed.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise MRG 2realtime-kernelNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-214
https://bugzilla.redhat.com/show_bug.cgi?id=1541876kernel: vhci_cd driver in usbip/vhci_sysfs.c:port_show_vhci() discloses kernel memory addresses to local attackers

EPSS

Процентиль: 19%
0.00059
Низкий

3.3 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-16911

CVSS3: 4.7
ubuntu
около 8 лет назад

The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP.

nvd логотип

CVE-2017-16911

CVSS3: 4.7
nvd
около 8 лет назад

The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP.

debian логотип

CVE-2017-16911

CVSS3: 4.7
debian
около 8 лет назад

The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4. ...

github логотип

GHSA-2jvq-qwww-m6j5

CVSS3: 4.7
github
больше 3 лет назад

The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP.

suse-cvrf логотип

SUSE-SU-2018:1309-1

suse-cvrf
больше 7 лет назад

Security update for the Linux Kernel

EPSS

Процентиль: 19%
0.00059
Низкий

3.3 Low

CVSS3