Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-5549

Опубликовано: 10 янв. 2017
Источник: redhat
CVSS3: 3.3
EPSS Низкий

Описание

The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log.

It was found that current implementation of kl5kusb105 driver failed to detect short transfers when attempting to read the line state and logged the content of the uninitialized heap transfer buffer.

Отчет

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG-2. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelWill not fix
Red Hat Enterprise Linux 6kernelWill not fix
Red Hat Enterprise Linux 7kernelWill not fix
Red Hat Enterprise Linux 7kernel-rtWill not fix
Red Hat Enterprise MRG 2realtime-kernelWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-209
https://bugzilla.redhat.com/show_bug.cgi?id=1416114kernel: Incorrect line-state error handling

EPSS

Процентиль: 25%
0.00082
Низкий

3.3 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-5549

CVSS3: 5.5
ubuntu
больше 8 лет назад

The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log.

nvd логотип

CVE-2017-5549

CVSS3: 5.5
nvd
больше 8 лет назад

The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log.

debian логотип

CVE-2017-5549

CVSS3: 5.5
debian
больше 8 лет назад

The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105. ...

github логотип

GHSA-286m-rx96-29m7

CVSS3: 5.5
github
больше 3 лет назад

The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log.

fstec логотип

BDU:2017-00292

CVSS3: 5.5
fstec
больше 8 лет назад

Уязвимость операционной системы Linux, позволяющая нарушителю получить конфиденциальную информацию

EPSS

Процентиль: 25%
0.00082
Низкий

3.3 Low

CVSS3