PT-2017-1920 · Linux+1 · Linux Kernel+1

Published

2017-01-31

Updated

2017-04-27

CVE-2017-8072

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions 4.9.x through 4.9.8

Description The issue is related to the cp2112 gpio direction input function in the Linux kernel, which does not handle errors correctly for zero-length reports. This could allow local users to have an unspecified impact via unknown vectors. The error handling issue in the function may be exploited by a local attacker to achieve an unspecified outcome.

Recommendations For Linux kernel versions 4.9.x through 4.9.8, update to version 4.9.9 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-388

Related Identifiers

ALT-PU-2017-1127

ALT-PU-2017-1152

BDU:2017-01080

CVE-2017-8072

Affected Products

Alt Linux

Linux Kernel

PT-2017-1920 · Linux+1 · Linux Kernel+1

CVE-2017-8072

Weakness Enumeration

Related Identifiers

Affected Products

References · 15