Kernel Memory Disclosure in Linux Driver Affecting Linux Kernel Products
CVE-2017-16911

4.7 MEDIUM

Key Information:

Vendor
CVE Published: 31 January 2018

What is CVE-2017-16911?

The vhci_hcd driver in the Linux kernel before versions 4.14.8 and 4.4.114 has a security flaw that allows local attackers to disclose sensitive kernel memory addresses when a USB device is attached over IP. The vulnerability creates a risk of unauthorized access to memory space, which could lead to further exploitation. Users are advised to update their Linux kernels to the latest versions to mitigate this risk.

Affected Version(s)

Linux Kernel: before versions 4.14.8 and 4.4.114

CVSS V3.1

Score: 4.7
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
