CVE-2017-16538
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner).
drivers/media/usb/dvb-usb-v2/lmedm04.c en el kernel de Linux hasta la versión 4.13.10 permite que los usuarios locales provoquen una denegación de servicio (fallo de protección general y cierre inesperado del sistema) o, posiblemente, causen otros impactos no especificados mediante llamadas del sistema manipuladas. Esto está relacionado con la falta de una comprobación de arranque en caliente y una sincronización incorrecta de attach (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-11-03 CVE Reserved
- 2017-11-04 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| https://groups.google.com/d/msg/syzkaller/XwNidsl4X04/ti6I2IaRBAAJ | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://patchwork.linuxtv.org/patch/44566 | 2018-08-24 | |
| https://patchwork.linuxtv.org/patch/44567 | 2018-08-24 |
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html | 2018-08-24 | |
| https://usn.ubuntu.com/3631-1 | 2018-08-24 | |
| https://usn.ubuntu.com/3631-2 | 2018-08-24 | |
| https://usn.ubuntu.com/3754-1 | 2018-08-24 | |
| https://www.debian.org/security/2017/dsa-4073 | 2018-08-24 | |
| https://www.debian.org/security/2018/dsa-4082 | 2018-08-24 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 4.13.11 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.13.11" | - |
Affected
| ||||||