CVE-2017-13168
Ubuntu Security Notice USN-3820-3
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233.
Existe una vulnerabilidad de elevación de privilegios en el controlador SCSI del kernel. Producto: Android. Versiones: Android kernel. Android ID: A-65023233.
It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-08-23 CVE Reserved
- 2017-12-06 CVE Published
- 2024-09-16 CVE Updated
- 2025-07-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (8)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://source.android.com/security/bulletin/pixel/2017-12-01 | 2019-10-03 | |
https://usn.ubuntu.com/3753-1 | 2019-10-03 | |
https://usn.ubuntu.com/3753-2 | 2019-10-03 | |
https://usn.ubuntu.com/3820-1 | 2019-10-03 | |
https://usn.ubuntu.com/3820-2 | 2019-10-03 | |
https://usn.ubuntu.com/3820-3 | 2019-10-03 | |
https://usn.ubuntu.com/3822-1 | 2019-10-03 | |
https://usn.ubuntu.com/3822-2 | 2019-10-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | - | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | esm |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
|