PT-2017-15136 · Linux+3 · Linux Kernel+3

Tuba Yavuz

Published

2017-12-29

Updated

2018-07-09

CVE-2017-17975

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.14.11

Description The issue is related to a use-after-free error in the usbtv probe function, which can cause a system crash or potentially have other unspecified impacts. This occurs when the audio registration fails, leading to a kfree of the usbtv data structure during a usbtv video free call, but the code attempts to access and free this data structure again.

Recommendations For Linux kernel versions prior to 4.14.11, update to version 4.14.11 or later to resolve the issue. As a temporary workaround, consider disabling the usbtv probe function until a patch is available. Restrict access to the usbtv module to minimize the risk of exploitation. Avoid using the usbtv video free function in conjunction with the usbtv video fail label until the issue is resolved.

Fix

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2018-1016

ALT-PU-2018-1991

CVE-2017-17975

DSA-4188-1

OPENSUSE-SU-2018_0781-1

SUSE-SU-2018:0785-1

SUSE-SU-2018:0786-1

SUSE-SU-2018:0986-1

USN-3653-1

USN-3653-2

USN-3654-1

USN-3654-2

USN-3656-1

USN-3657-1

Affected Products

Alt Linux

Linux Kernel

Suse

Ubuntu

PT-2017-15136 · Linux+3 · Linux Kernel+3

CVE-2017-17975

Weakness Enumeration

Related Identifiers

Affected Products

References · 262