CVE-2017-18079
Ubuntu Security Notice USN-3655-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.
drivers/input/serio/i8042.c en el kernel de Linux en versiones anteriores a la 4.12.4 permite que atacantes provoquen una denegaciĆ³n de servicio (desreferencia de puntero NULL y cierre inesperado del sistema) o que, posiblemente, tengan otro tipo de impacto sin especificar debido a que el valor port->exists puede cambiar tras ser validado.
Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. Jan H. Schonherr discovered that the Xen subsystem did not properly handle block IO merges correctly in some situations. An attacker in a guest vm could use this to cause a denial of service or possibly gain administrative privileges in the host. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-01-28 CVE Reserved
- 2018-01-29 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/102895 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://usn.ubuntu.com/3655-1 | 2023-02-07 | |
| https://usn.ubuntu.com/3655-2 | 2023-02-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 3.2.94 Search vendor "Linux" for product "Linux Kernel" and version " < 3.2.94" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.3 < 3.16.49 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.16.49" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.17 < 3.18.63 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 3.18.63" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.19 < 4.1.44 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 4.1.44" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.2 < 4.4.79 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 4.4.79" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.5 < 4.9.40 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.9.40" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.10 < 4.12.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 4.12.4" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | esm |
Affected
| ||||||