Published: 12/05/2017 Updated: 16/04/2019

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 4.6 | Impact Score: 3.6 | Exploitability Score: 0.9

VMScore: 188

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel prior to 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
debian debian linux 8.0
debian debian linux 9.0

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2017-7487 Li Qiang reported a reference counter leak in the ipxitf_ioctl function which may result into a use-after-free vulnerability, triggerable when a IPX interface is configured CVE ...

Several security issues were fixed in the Linux kernel ...

The edge_bulk_in_callback function in drivers/usb/serial/io_tic in the Linux kernel allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow ...

CWE-191 https://github.com/torvalds/linux/commit/654b404f2a222f918af9b0cd18ad469d0c941a8e http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.4 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=654b404f2a222f918af9b0cd18ad469d0c941a8e http://www.securityfocus.com/bid/98451 http://www.debian.org/security/2017/dsa-3886 https://nvd.nist.gov https://www.debian.org/security/./dsa-3886 https://usn.ubuntu.com/3360-1/

CVE-2017-8924

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect