[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99536

 
 

909

 
 

80128

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2017-17558

Date: (C)2017-12-13   (M)2018-01-09 


The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.

CVSS Score: 4.3Access Vector:
Exploit Score: Access Complexity:
Impact Score: Authentication:
 Confidentiality:
 Integrity:
 Availability:





Reference:
DSA-4073
http://openwall.com/lists/oss-security/2017/12/12/7
https://www.spinics.net/lists/linux-usb/msg163644.html

OVAL    3
oval:org.secpod.oval:def:603222
oval:org.secpod.oval:def:113790
oval:org.secpod.oval:def:113806

© 2013 SecPod Technologies