PT-2017-3605 · Linux+3 · Linux Kernel+3

Jakub Jirasek

Published

2015-10-06

Updated

2018-08-24

CVE-2017-16914

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 4.14.8 Linux Kernel versions prior to 4.9.71 Linux Kernel versions prior to 4.1.49 Linux Kernel versions prior to 4.4.107

Description: The issue is related to errors in handling null pointer dereferences in the stub send ret submit() function, located in the drivers/usb/usbip/stub tx.c file of the Linux Kernel. This can be exploited by a remote attacker using a specially crafted USB over IP packet, potentially leading to a denial of service.

Recommendations: For Linux Kernel versions prior to 4.14.8, update to version 4.14.8 or later. For Linux Kernel versions prior to 4.9.71, update to version 4.9.71 or later. For Linux Kernel versions prior to 4.1.49, update to version 4.1.49 or later. For Linux Kernel versions prior to 4.4.107, update to version 4.4.107 or later.

Exploit

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2015-1834

ALT-PU-2016-1262

ALT-PU-2017-1299

ALT-PU-2017-2818

ALT-PU-2017-2819

BDU:2018-00574

CVE-2017-16914

DLA-1369-1

DSA-4187-1

MGASA-2018-0107

SUSE-SU-2018:0834-1

SUSE-SU-2018:0848-1

SUSE-SU-2018:1080-1

SUSE-SU-2018:1172-1

SUSE-SU-2018:1309-1

USN-3619-1

USN-3619-2

USN-3754-1

Affected Products

Alt Linux

Linux Kernel

Suse

Ubuntu

PT-2017-3605 · Linux+3 · Linux Kernel+3

CVE-2017-16914

Weakness Enumeration

Related Identifiers

Affected Products

References · 248