Denial of Service Vulnerability in Linux Kernel USB over IP Function
CVE-2017-16912

5.9 MEDIUM

Key Information:

Vendor
CVE Published:
31 January 2018

What is CVE-2017-16912?

The Linux kernel contains a vulnerability in the `get_pipe()` function in drivers/usb/usbip/stub_rx.c that can lead to a denial of service via an out-of-bounds read. The read occurs when specially crafted USB over IP packets are processed, potentially causing system instability or crashes. The issue affects several versions of the kernel and highlights the importance of applying timely security updates.

Affected Version(s)

Linux kernel before versions 4.14.8, 4.9.71, and 4.4.114

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
