drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor.
References
| Link | Resource |
|---|---|
| http://www.securityfocus.com/bid/102025 | Third Party Advisory VDB Entry |
| https://github.com/torvalds/linux/commit/bd7a3fe770ebd8391d1c7d072ff88e9e76d063eb | Issue Tracking Patch Third Party Advisory |
| https://groups.google.com/d/msg/syzkaller/hP6L-m59m_8/Co2ouWeFAwAJ | Issue Tracking Patch Third Party Advisory |
| https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html | Mailing List Third Party Advisory |
| https://usn.ubuntu.com/3754-1/ | Third Party Advisory |
| https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
17 Jul 2024, 15:31
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://www.securityfocus.com/bid/102025 - Third Party Advisory, VDB Entry | |
| References | () https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html - Mailing List, Third Party Advisory | |
| References | () https://usn.ubuntu.com/3754-1/ - Third Party Advisory | |
| References | () https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html - Patch, Third Party Advisory |
Information
Published : 2017-11-04 01:29
Updated : 2024-07-17 15:31
NVD link : CVE-2017-16531
Mitre link : CVE-2017-16531
CVE.ORG link : CVE-2017-16531
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer