PT-2017-2103 · Linux+3 · Linux Kernel+3

Pengfei Wang · Published 2017-05-07 · Updated 2024-06-15 · CVE-2017-8831

CVSS v2.0: 6.9 (Medium)

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 4.11.5

Description

The issue is related to a memory leak in the saa7164 bus get function. It may allow a local attacker to cause a denial of service or have other unspecified impacts by exploiting an out-of-bounds array access, also referred to as a "double fetch" vulnerability. This can be achieved by changing a certain sequence-number value.

Recommendations

For Linux kernel versions prior to 4.11.5, update to version 4.11.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the saa7164 bus get function in the drivers/media/pci/saa7164/saa7164-bus.c file to minimize the risk of exploitation.
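
The "double fetch" pattern named in the Description, as an added example: a simplified model written for this page, not code from the saa7164 driver or the kernel fix. All names (`shared_seqno`, `fetch_seqno`, `SLOTS`) are hypothetical, and the concurrent writer is simulated so the result is deterministic.

```c
#include <stdint.h>
#include <stdio.h>

#define SLOTS 8                 /* size of the table indexed by the sequence number */

/* Constructed stand-in for memory that another party can rewrite at any time. */
static volatile uint8_t shared_seqno;
static uint8_t racing_value;    /* value the simulated writer stores */
static int reads;

static void reset(uint8_t initial, uint8_t later)
{
    shared_seqno = initial; racing_value = later; reads = 0;
}

/* One read of shared memory; the simulated writer acts right after the first read. */
static uint8_t fetch_seqno(void)
{
    uint8_t v = shared_seqno;
    if (++reads == 1)
        shared_seqno = racing_value;
    return v;
}

/* Flawed: validates one fetch, then uses a second fetch as the index. */
static int index_double_fetch(void)
{
    if (fetch_seqno() >= SLOTS)
        return -1;
    return fetch_seqno();       /* may no longer be the value that was checked */
}

/* Hardened: one fetch into a local copy; the check and the use see the same value. */
static int index_single_fetch(void)
{
    uint8_t seqno = fetch_seqno();
    if (seqno >= SLOTS)
        return -1;
    return seqno;
}

int main(void)
{
    reset(3, 200);
    printf("double fetch index: %d (table has %d slots)\n", index_double_fetch(), SLOTS);
    reset(3, 200);
    printf("single fetch index: %d\n", index_single_fetch());
    return 0;
}
```

When reviewing code that reads the same shared location more than once, confirm that the value passing the bounds check is the exact copy later used as the index.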

Fix

DoS

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2017-1854
ALT-PU-2018-1991
BDU:2017-01272
CVE-2017-8831
DLA-1200-1
OPENSUSE-SU-2017_2169-1
OPENSUSE-SU-2017_2171-1
OPENSUSE-SU-2024:10728-1
OPENSUSE-SU-2024:13704-1
SUSE-SU-2017:2286-1
SUSE-SU-2017:2525-1
SUSE-SU-2017:2694-1
SUSE-SU-2017:2869-1
SUSE-SU-2017:2908-1
SUSE-SU-2017:2920-1
SUSE-SU-2017:2956-1
SUSE-SU-2017:3265-1
USN-3420-1
USN-3420-2
USN-3754-1

Affected Products

Alt Linux
Linux Kernel
Suse
Ubuntu