Denial of Service Vulnerability in Linux Kernel USB over IP Module
CVE-2017-16914

5.9MEDIUM

Key Information:

Vendor

Flexera Software Llc

Status
Linux Kernel
Vendor
CVE Published:
31 January 2018

What is CVE-2017-16914?

The 'stub_send_ret_submit()' function in the Linux Kernel, prior to specific version updates, is susceptible to a denial of service condition. A specially crafted USB over IP packet can lead to a NULL pointer dereference, potentially crashing the service and disrupting operations. Users running unsupported versions of the kernel should update to mitigate this vulnerability and ensure system integrity.

Affected Version(s)

Linux Kernel Before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107

References

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4....
x_refsource_MISC
https://secuniaresearch.flexerasoftware.com/secunia_resea...
x_refsource_MISC
https://www.debian.org/security/2018/dsa-4187
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.