6.3
CVSSv3

CVE-2017-15102

Published: 15/11/2017 Updated: 08/05/2019
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 6.3 | Impact Score: 5.9 | Exploitability Score: 0.4
VMScore: 615
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel prior to 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

redhat enterprise linux 6.0

redhat enterprise linux 5.0

canonical ubuntu linux 14.04

canonical ubuntu linux 12.04

Vendor Advisories

Several security issues were fixed in the Linux kernel ...
Several security issues were fixed in the Linux kernel ...
The tower_probe function in drivers/usb/misc/legousbtowerc in the Linux kernel before 481 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference ...