PT-2017-3304 · Linux+2 · Linux Kernel+2

Andrey Konovalov

Publicado

2017-11-06

Atualizado

2024-06-15

CVE-2017-16647

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 4.13.11

Description The issue is related to a function in the Linux kernel, specifically asix suspend in drivers/net/usb/asix devices.c, which is associated with pointer dereference errors. This can be exploited by a local attacker using a crafted USB device, potentially leading to a denial of service (NULL pointer dereference and system crash) or other unspecified impacts.

Recommendations For Linux kernel versions through 4.13.11, update to a version later than 4.13.11 to resolve the issue. As a temporary workaround, consider restricting the use of USB devices to minimize the risk of exploitation.

Correção

DoS

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

ALT-PU-2017-2604

ALT-PU-2018-1991

BDU:2018-00069

CVE-2017-16647

OPENSUSE-SU-2024:10728-1

OPENSUSE-SU-2024:13704-1

USN-3617-1

USN-3617-2

USN-3617-3

Produtos afetados

Alt Linux

Linux Kernel

Ubuntu

PT-2017-3304 · Linux+2 · Linux Kernel+2

CVE-2017-16647

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 242