Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-16913

Опубликовано: 07 дек. 2017
Источник: redhat
CVSS3: 5.3
EPSS Средний

Описание

The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet.

Improper input validation in drivers/usb/usbip/stub_rx.c:stub_recv_cmd_submit() in the Linux kernel, when handling CMD_SUBMIT packets, allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet.

Отчет

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, and 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64, and Red Hat Enterprise Linux 7 for Power 9 LE, as the code with the flaw is not enabled and is not built in the products listed.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise MRG 2realtime-kernelNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1541888kernel: Improper validation in usbip/stub_rx.c:stub_recv_cmd_submit() allows for denial of service via crafted USB over IP CMD_SUBMIT packet

EPSS

Процентиль: 93%
0.11081
Средний

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-16913

CVSS3: 5.9
ubuntu
около 8 лет назад

The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet.

nvd логотип

CVE-2017-16913

CVSS3: 5.9
nvd
около 8 лет назад

The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet.

debian логотип

CVE-2017-16913

CVSS3: 5.9
debian
около 8 лет назад

The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in ...

github логотип

GHSA-7664-52jg-xm5v

CVSS3: 5.9
github
больше 3 лет назад

The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet.

fstec логотип

BDU:2018-00575

CVSS3: 5.9
fstec
около 8 лет назад

Уязвимость функции stub_recv_cmd_submit ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 93%
0.11081
Средний

5.3 Medium

CVSS3