CVE-2017-17558
kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.
La función usb_destroy_configuration en drivers/usb/core/config.c en el subsistema del núcleo USB en el kernel de Linux hasta la versión 4.14.5 no considera el máximo número de configuraciones e interfaces antes de intentar liberar recursos. Esto permite que usuarios locales provoquen una denegación de servicio (acceso de escritura fuera de límites) o, posiblemente, tengan otro tipo de impacto sin especificar mediante un dispositivo USB manipulado.
The usb_destroy_configuration() function, in 'drivers/usb/core/config.c' in the USB core subsystem, in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources. This allows local users to cause a denial of service, due to out-of-bounds write access, or possibly have unspecified other impact via a crafted USB device. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-12-12 CVE Reserved
- 2017-12-12 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-787: Out-of-bounds Write
CAPEC
References (16)
| URL | Tag | Source |
|---|---|---|
| http://openwall.com/lists/oss-security/2017/12/12/7 | Mailing List | |
| https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html | Mailing List |
|
| https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | X_refsource_misc |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.spinics.net/lists/linux-usb/msg163644.html | 2019-05-14 |
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html | 2019-05-14 | |
| https://access.redhat.com/errata/RHSA-2018:0676 | 2019-05-14 | |
| https://access.redhat.com/errata/RHSA-2018:1062 | 2019-05-14 | |
| https://access.redhat.com/errata/RHSA-2019:1170 | 2019-05-14 | |
| https://access.redhat.com/errata/RHSA-2019:1190 | 2019-05-14 | |
| https://usn.ubuntu.com/3619-1 | 2019-05-14 | |
| https://usn.ubuntu.com/3619-2 | 2019-05-14 | |
| https://usn.ubuntu.com/3754-1 | 2019-05-14 | |
| https://www.debian.org/security/2017/dsa-4073 | 2019-05-14 | |
| https://www.debian.org/security/2018/dsa-4082 | 2019-05-14 | |
| https://access.redhat.com/security/cve/CVE-2017-17558 | 2019-05-14 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1525474 | 2019-05-14 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 4.14.5 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.14.5" | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 11 Search vendor "Suse" for product "Linux Enterprise Server" and version "11" | extra |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 11 Search vendor "Suse" for product "Linux Enterprise Server" and version "11" | sp4 |
Affected
| ||||||