Published: 12/12/2017 Updated: 14/05/2019

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 6.6 | Impact Score: 5.9 | Exploitability Score: 0.7

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel up to and including 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
suse linux enterprise server 11

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2017-8824 Mohamed Ghannam discovered that the DCCP implementation did not correctly manage resources when a socket is disconnected and reconnected, potentially leading to a use-after-free ...

Synopsis Important: kernel-rt security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Sco ...

Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...

Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise MRG 2Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVS ...

Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 74 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...

Several security issues were fixed in the Linux kernel ...

The usb_destroy_configuration() function, in 'drivers/usb/core/configc' in the USB core subsystem, in the Linux kernel through 4145 does not consider the maximum number of configurations and interfaces before attempting to release resources This allows local users to cause a denial of service, due to out-of-bounds write access, or possibly have ...

The usb_destroy_configuration function in drivers/usb/core/configc in the USB core subsystem in the Linux kernel before 4148, 4971, 44107, 31889, 31652 and 3297 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-boun ...

CWE-787 https://www.spinics.net/lists/linux-usb/msg163644.html http://openwall.com/lists/oss-security/2017/12/12/7 https://www.debian.org/security/2017/dsa-4073 http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html https://www.debian.org/security/2018/dsa-4082 https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html https://usn.ubuntu.com/3619-1/https://usn.ubuntu.com/3619-2/https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2018:0676 https://usn.ubuntu.com/3754-1/https://access.redhat.com/errata/RHSA-2019:1170 https://access.redhat.com/errata/RHSA-2019:1190 https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://nvd.nist.gov https://www.debian.org/security/./dsa-4073 https://usn.ubuntu.com/3619-2/

CVE-2017-17558

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect