CVE-2017-18360

Опубликовано: 11 мая 2017

Источник: redhat

CVSS3: 4.7

EPSS Низкий

Описание

In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.

A division-by-zero in set_termios(), when debugging is enabled, was found in the Linux kernel. When the [io_ti] driver is loaded, a local unprivileged attacker can request incorrect high transfer speed in the change_port_settings() in the drivers/usb/serial/io_ti.c so that the divisor value becomes zero and causes a system crash resulting in a denial of service.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Will not fix
Red Hat Enterprise Linux 6	kernel	Will not fix
Red Hat Enterprise Linux 7	kernel-alt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise MRG 2	kernel-rt	Will not fix
Red Hat Enterprise Linux 7	kernel-rt	Fixed	RHSA-2018:3096	30.10.2018
Red Hat Enterprise Linux 7	kernel	Fixed	RHSA-2018:3083	30.10.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-369

https://bugzilla.redhat.com/show_bug.cgi?id=1671343kernel: Division by zero in change_port_settings in drivers/usb/serial/io_ti.c resulting in a denial of service

EPSS

Процентиль: 12%

0.00041

Низкий

4.7 Medium

CVSS3

Связанные уязвимости

CVE-2017-18360

CVSS3: 5.5

ubuntu

больше 6 лет назад

CVE-2017-18360

CVSS3: 5.5

nvd

больше 6 лет назад

CVE-2017-18360

CVSS3: 5.5

debian

больше 6 лет назад

In change_port_settings in drivers/usb/serial/io_ti.c in the Linux ker ...

GHSA-7hhv-rch7-rfmj

CVSS3: 5.5

github

около 3 лет назад

ELSA-2019-4642

oracle-oval

около 6 лет назад

ELSA-2019-4642: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 12%

0.00041

Низкий

4.7 Medium

CVSS3