{"vulnerability": "CVE-2017-16533", "sightings": [{"uuid": "f9550c03-9a85-4ee9-89bc-b72e7b555c95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-16533", "type": "seen", "source": "https://t.me/HackerOne/1214", "content": "12 vulnerabilities found with syzkaller ( Linux kernel fuzzer) in the Linux kernel USB subsystem\n\n1- USB: serial: console: fix use-after-free on disconnect ( CVE-2017-16525 ) \n\nPatched : https://github.com/torvalds/linux/commit/299d7572e46f98534033a9e65973f13ad1ce9047\n\n2- uwb: properly check kthread_run return value ( CVE-2017-16526 )\n\nPatched : https://github.com/torvalds/linux/commit/bbf26183b7a6236ba602f4d6a2f7cade35bba043\n\n3- ALSA: usb-audio: Kill stray URB at exiting ( CVE-2017-16527  )\n\nPatched : https://github.com/torvalds/linux/commit/124751d5e63c823092060074bd0abaae61aaa9c4\n\n4- ALSA: seq: Cancel pending autoload work at unbinding device ( CVE-2017-16528 )\n\nPatched : https://github.com/torvalds/linux/commit/fc27fe7e8deef2f37cba3f2be2d52b6ca5eb9d57\n\n5- ALSA: usb-audio: Check out-of-bounds access by corrupted buffer ( CVE-2017-16529 )\n\nPatched : https://github.com/torvalds/linux/commit/bfc81a8bc18e3c4ba0cbaa7666ff76be2f998991\n\n6- USB: uas: fix bug in handling of alternate settings ( CVE-2017-16530 )\n\nPatched : https://github.com/torvalds/linux/commit/786de92b3cb26012d3d0f00ee37adf14527f35c4\n\n7- USB: fix out-of-bounds in usb_set_configuration (  CVE-2017-16531 )\n\nPatched :  https://github.com/torvalds/linux/commit/bd7a3fe770ebd8391d1c7d072ff88e9e76d063eb\n\n8- usb: usbtest: fix NULL pointer dereference ( CVE-2017-16532 )\n\nPatched : https://github.com/torvalds/linux/commit/7c80f9e4a588f1925b07134bb2e3689335f6c6d8\n\n9- HID: usbhid: fix out-of-bounds bug ( CVE-2017-16533  )\n\nPatched : https://github.com/torvalds/linux/commit/f043bfc98c193c284e2cd768fefabe18ac2fed9b\n\n10- USB: core: harden cdc_parse_cdc_header ( CVE-2017-16534 )\n\nPatched : https://github.com/torvalds/linux/commit/2e1c42391ff2556387b3cb6308b24f6f65619feb\n\n11- USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor() ( CVE-2017-16535 )\n\nPatched : https://github.com/torvalds/linux/commit/1c0edc3633b56000e18d82fc241e3995ca18a69e\n\n12- dvb-usb-v2: lmedm04: Improve logic checking of warm start ( CVE-2017-16538 )\n\nPatched : https://patchwork.linuxtv.org/patch/44566/", "creation_timestamp": "2017-11-06T16:55:44.000000Z"}]}