PT-2017-3605 · Linux+3 · Linux Kernel+3

Jakub Jirasek

Publicado

2015-10-06

Atualizado

2018-08-24

CVE-2017-16914

CVSS v2.0

7.1

Alta

Vetor

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 4.14.8 Linux Kernel versions prior to 4.9.71 Linux Kernel versions prior to 4.1.49 Linux Kernel versions prior to 4.4.107

Description: The issue is related to errors in handling null pointer dereferences in the stub send ret submit() function, located in the drivers/usb/usbip/stub tx.c file of the Linux Kernel. This can be exploited by a remote attacker using a specially crafted USB over IP packet, potentially leading to a denial of service.

Recommendations: For Linux Kernel versions prior to 4.14.8, update to version 4.14.8 or later. For Linux Kernel versions prior to 4.9.71, update to version 4.9.71 or later. For Linux Kernel versions prior to 4.1.49, update to version 4.1.49 or later. For Linux Kernel versions prior to 4.4.107, update to version 4.4.107 or later.

Exploit

Correção

DoS

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

ALT-PU-2015-1834

ALT-PU-2016-1262

ALT-PU-2017-1299

ALT-PU-2017-2818

ALT-PU-2017-2819

BDU:2018-00574

CVE-2017-16914

DLA-1369-1

DSA-4187-1

MGASA-2018-0107

SUSE-SU-2018:0834-1

SUSE-SU-2018:0848-1

SUSE-SU-2018:1080-1

SUSE-SU-2018:1172-1

SUSE-SU-2018:1309-1

USN-3619-1

USN-3619-2

USN-3754-1

Produtos afetados

Alt Linux

Linux Kernel

Suse

Ubuntu

PT-2017-3605 · Linux+3 · Linux Kernel+3

CVE-2017-16914

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 248