CVE-2017-15102

Published: 15/11/2017 Updated: 08/05/2019

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

CVSS v3 Base Score: 6.3 | Impact Score: 5.9 | Exploitability Score: 0.4

VMScore: 615

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel prior to 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
redhat enterprise linux 6.0
redhat enterprise linux 5.0
canonical ubuntu linux 14.04
canonical ubuntu linux 12.04

Several security issues were fixed in the Linux kernel ...

The tower_probe function in drivers/usb/misc/legousbtowerc in the Linux kernel before 481 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference ...

CWE-476 https://github.com/torvalds/linux/commit/2fae9e5a7babada041e2e161699ade2447a01989 https://bugzilla.redhat.com/show_bug.cgi?id=1505905 http://seclists.org/oss-sec/2017/q4/238 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2fae9e5a7babada041e2e161699ade2447a01989 http://www.securityfocus.com/bid/101790 https://usn.ubuntu.com/3583-2/https://usn.ubuntu.com/3583-1/https://nvd.nist.gov https://usn.ubuntu.com/3583-2/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-15102

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect