Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-8924

Опубликовано: 06 мар. 2017
Источник: redhat
CVSS3: 4.3
EPSS Низкий

Описание

The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow.

The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow.

Отчет

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates of the Red Hat products. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelWill not fix
Red Hat Enterprise Linux 6kernelWill not fix
Red Hat Enterprise Linux 7kernelWill not fix
Red Hat Enterprise Linux 7kernel-rtWill not fix
Red Hat Enterprise MRG 2realtime-kernelWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1451399kernel: Information leak in completion handler in edge_bulk_in_callback function

EPSS

Процентиль: 22%
0.0007
Низкий

4.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-8924

CVSS3: 4.6
ubuntu
около 8 лет назад

The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow.

nvd логотип

CVE-2017-8924

CVSS3: 4.6
nvd
около 8 лет назад

The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow.

debian логотип

CVE-2017-8924

CVSS3: 4.6
debian
около 8 лет назад

The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in th ...

github логотип

GHSA-c76w-89q6-h938

CVSS3: 4.6
github
около 3 лет назад

The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow.

oracle-oval логотип

ELSA-2020-5881

oracle-oval
больше 4 лет назад

ELSA-2020-5881: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 22%
0.0007
Низкий

4.3 Medium

CVSS3

Уязвимость CVE-2017-8924