Denial of Service Risk in Linux Kernel USB Handling by Linux Foundation
CVE-2017-16913

5.9 MEDIUM

Key Information:

Vendor
CVE Published: 31 January 2018

What is CVE-2017-16913?

The vulnerability is in the 'stub_recv_cmd_submit()' function of the Linux kernel, which improperly handles CMD_SUBMIT packets. An attacker can exploit the flaw by sending specially crafted USB over IP packets, triggering arbitrary memory allocation and ultimately causing a denial of service. Linux kernel versions prior to the fixed releases listed below are affected, which makes timely patching important to avoid system disruption.

Affected Version(s)

Linux kernel before versions 4.14.8, 4.9.71, and 4.4.114

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
