CVE-2017-17975
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure.
Uso de memoria previamente liberada en la función usbtv_probe en drivers/media/usb/usbtv/usbtv-core.c en el kernel de Linux hasta la versión 4.14.10 permite que atacantes provoquen una denegación de servicio (cierre inesperado del sistema) o, posiblemente, causen otro tipo de impacto sin especificar desencadenando un error de registro de audio. Esto se debe a que un kfree de la estructura de datos usbtv ocurre durante una llamada usbtv_video_free, pero el código de la etiqueta usbtv_video_fail intenta acceder y liberar esta estructura de datos.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-12-29 CVE Reserved
- 2017-12-30 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
http://linuxtesting.org/pipermail/ldv-project/2017-November/001008.html | Issue Tracking | |
http://www.securityfocus.com/bid/102330 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://usn.ubuntu.com/3653-1 | 2018-05-24 | |
https://usn.ubuntu.com/3653-2 | 2018-05-24 | |
https://usn.ubuntu.com/3654-1 | 2018-05-24 | |
https://usn.ubuntu.com/3654-2 | 2018-05-24 | |
https://usn.ubuntu.com/3656-1 | 2018-05-24 | |
https://usn.ubuntu.com/3657-1 | 2018-05-24 | |
https://www.debian.org/security/2018/dsa-4188 | 2018-05-24 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 4.14.10 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.14.10" | - |
Affected
|