PT-2017-2103 · Linux+3 · Linux Kernel+3

Pengfei Wang

Publicado

2017-05-07

Atualizado

2024-06-15

CVE-2017-8831

CVSS v2.0

6.9

Média

Vetor

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.11.5

Description The issue is related to a memory leak in the saa7164 bus get function. It may allow a local attacker to cause a denial of service or have other unspecified impacts by exploiting an out-of-bounds array access, also referred to as a "double fetch" vulnerability. This can be achieved by changing a certain sequence-number value.

Recommendations For Linux kernel versions prior to 4.11.5, update to version 4.11.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the saa7164 bus get function in the drivers/media/pci/saa7164/saa7164-bus.c file to minimize the risk of exploitation.

Correção

DoS

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

ALT-PU-2017-1854

ALT-PU-2018-1991

BDU:2017-01272

CVE-2017-8831

DLA-1200-1

OPENSUSE-SU-2017_2169-1

OPENSUSE-SU-2017_2171-1

OPENSUSE-SU-2024:10728-1

OPENSUSE-SU-2024:13704-1

SUSE-SU-2017:2286-1

SUSE-SU-2017:2525-1

SUSE-SU-2017:2694-1

SUSE-SU-2017:2869-1

SUSE-SU-2017:2908-1

SUSE-SU-2017:2920-1

SUSE-SU-2017:2956-1

SUSE-SU-2017:3265-1

USN-3420-1

USN-3420-2

USN-3754-1

Produtos afetados

Alt Linux

Linux Kernel

Suse

Ubuntu

PT-2017-2103 · Linux+3 · Linux Kernel+3

CVE-2017-8831

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 758