PT-2017-3153 · Linux+2 · Linux Kernel+2

Andrey Konovalov

Publicado

2017-10-11

Atualizado

2024-07-17

CVE-2017-16532

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 4.13.11

Description The issue is related to the get endpoints function in drivers/usb/misc/usbtest.c, which can cause a denial of service due to a NULL pointer dereference and system crash when a crafted USB device is used. This could potentially have other unspecified impacts. The issue can be exploited by local users.

Recommendations For Linux kernel versions through 4.13.11, update to a version later than 4.13.11 to resolve the issue. As a temporary workaround, consider restricting the use of USB devices to minimize the risk of exploitation.

Correção

DoS

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

ALT-PU-2017-2604

ALT-PU-2018-1991

BDU:2017-02565

CVE-2017-16532

DLA-1200-1

USN-3617-1

USN-3617-2

USN-3617-3

USN-3619-1

USN-3619-2

USN-3754-1

Produtos afetados

Alt Linux

Linux Kernel

Ubuntu

PT-2017-3153 · Linux+2 · Linux Kernel+2

CVE-2017-16532

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 126