Published: 04/11/2017 Updated: 14/03/2024

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 6.6 | Impact Score: 5.9 | Exploitability Score: 0.7

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel up to and including 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
debian debian linux 7.0
canonical ubuntu linux 17.10
canonical ubuntu linux 14.04
canonical ubuntu linux 16.04

Several security issues were fixed in the Linux kernel ...

The get_endpoints function in drivers/usb/misc/usbtestc in the Linux kernel through 41311 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device ...

CWE-476 https://groups.google.com/d/msg/syzkaller/l3870gs3LhA/y79DYQdFBAAJ https://github.com/torvalds/linux/commit/7c80f9e4a588f1925b07134bb2e3689335f6c6d8 https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html https://usn.ubuntu.com/3617-2/https://usn.ubuntu.com/3617-1/https://usn.ubuntu.com/3619-1/https://usn.ubuntu.com/3617-3/https://usn.ubuntu.com/3619-2/https://usn.ubuntu.com/3754-1/https://nvd.nist.gov https://usn.ubuntu.com/3617-2/

CVE-2017-16532

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect