CVE-2017-7273

Опубликовано: 27 мар. 2017

Источник: redhat

CVSS3: 4.6

EPSS Низкий

Описание

The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report.

An integer underflow flaw was found in the way the Linux kernel handles crafted Cypress HID (Human Interface Device) reports. An attacker with physical access to the system could use this flaw to crash the system and cause a denial of service (DoS).

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Will not fix
Red Hat Enterprise Linux 7	kernel	Affected
Red Hat Enterprise Linux 7	kernel-alt	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise MRG 2	kernel-rt	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-190

https://bugzilla.redhat.com/show_bug.cgi?id=1437435kernel: HID: integer underflow in cp_report_fixup() (drivers/hid/hid-cypress.c)

EPSS

Процентиль: 26%

0.00088

Низкий

4.6 Medium

CVSS3

Связанные уязвимости

CVE-2017-7273

CVSS3: 6.6

ubuntu

около 8 лет назад

CVE-2017-7273

CVSS3: 6.6

nvd

около 8 лет назад

CVE-2017-7273

CVSS3: 6.6

debian

около 8 лет назад

The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux ...

GHSA-v5mm-56c6-4662

CVSS3: 6.6

github

около 3 лет назад

ELSA-2017-3595

oracle-oval

почти 8 лет назад

ELSA-2017-3595: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 26%

0.00088

Низкий

4.6 Medium

CVSS3