certfr_avis - certfr-2018-avi-170

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 16.04 LTS
Ubuntu	Ubuntu	Ubuntu 14.04 LTS
Ubuntu	Ubuntu	Ubuntu 17.10 sur Raspberry Pi 2
Ubuntu	Ubuntu	Ubuntu 12.04 ESM

CVE-2017-15129 (GCVE-0-2017-15129)

Vulnerability from cvelistv5

Published

2018-01-09 19:00

Modified

2024-08-05 19:50

Severity ?

CWE

CWE-362

Summary

A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely.

References

URL

Tags

	https://usn.ubuntu.com/3617-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3617-3/	vendor-advisory, x_refsource_UBUNTU
	https://marc.info/?l=linux-netdev&m=151370451121029&w=2	x_refsource_MISC
	https://marc.info/?t=151370468900001&r=1&w=2	x_refsource_MISC
	https://usn.ubuntu.com/3632-1/	vendor-advisory, x_refsource_UBUNTU
	https://bugzilla.redhat.com/show_bug.cgi?id=1531174	x_refsource_MISC
	https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11	x_refsource_MISC
	https://github.com/torvalds/linux/commit/21b5944350052d2583e82dd59b19a9ba94a007f0	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2018:1062	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:0654	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2017-15129	x_refsource_MISC
	http://www.securityfocus.com/bid/102485	vdb-entry, x_refsource_BID
	http://seclists.org/oss-sec/2018/q1/7	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2018:0676	vendor-advisory, x_refsource_REDHAT
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0	x_refsource_MISC
	https://usn.ubuntu.com/3617-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2019:1946	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	n/a	Linux kernel v4.0-rc1 through v4.15-rc5	Version: Linux kernel v4.0-rc1 through v4.15-rc5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:50:15.698Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3617-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-1/"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "name": "USN-3617-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-3/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://marc.info/?l=linux-netdev\u0026m=151370451121029\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://marc.info/?t=151370468900001\u0026r=1\u0026w=2"
          },
          {
            "name": "USN-3632-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3632-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531174"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/21b5944350052d2583e82dd59b19a9ba94a007f0"
          },
          {
            "name": "RHSA-2018:1062",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1062"
          },
          {
            "name": "RHSA-2018:0654",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0654"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2017-15129"
          },
          {
            "name": "102485",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102485"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2018/q1/7"
          },
          {
            "name": "RHSA-2018:0676",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0676"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0"
          },
          {
            "name": "USN-3617-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-2/"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          },
          {
            "name": "RHSA-2019:1946",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1946"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Linux kernel v4.0-rc1 through v4.15-rc5",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Linux kernel v4.0-rc1 through v4.15-rc5"
            }
          ]
        }
      ],
      "datePublic": "2018-01-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-30T12:06:06",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-3617-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-1/"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "name": "USN-3617-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-3/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://marc.info/?l=linux-netdev\u0026m=151370451121029\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://marc.info/?t=151370468900001\u0026r=1\u0026w=2"
        },
        {
          "name": "USN-3632-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3632-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531174"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/21b5944350052d2583e82dd59b19a9ba94a007f0"
        },
        {
          "name": "RHSA-2018:1062",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1062"
        },
        {
          "name": "RHSA-2018:0654",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0654"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2017-15129"
        },
        {
          "name": "102485",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102485"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://seclists.org/oss-sec/2018/q1/7"
        },
        {
          "name": "RHSA-2018:0676",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0676"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0"
        },
        {
          "name": "USN-3617-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-2/"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        },
        {
          "name": "RHSA-2019:1946",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1946"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-15129",
    "datePublished": "2018-01-09T19:00:00",
    "dateReserved": "2017-10-08T00:00:00",
    "dateUpdated": "2024-08-05T19:50:15.698Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-17558 (GCVE-0-2017-17558)

Vulnerability from cvelistv5

Published

2017-12-12 15:00

Modified

2024-08-05 20:51

Severity ?

CWE

n/a

Summary

The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.

References

URL

Tags

	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2018/dsa-4082	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html	vendor-advisory, x_refsource_SUSE
	https://usn.ubuntu.com/3754-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:1062	vendor-advisory, x_refsource_REDHAT
	http://openwall.com/lists/oss-security/2017/12/12/7	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2018:0676	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2017/dsa-4073	vendor-advisory, x_refsource_DEBIAN
	https://www.spinics.net/lists/linux-usb/msg163644.html	x_refsource_MISC
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2019:1170	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:1190	vendor-advisory, x_refsource_REDHAT
	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:51:32.189Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "name": "DSA-4082",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4082"
          },
          {
            "name": "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html"
          },
          {
            "name": "SUSE-SU-2018:0011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
          },
          {
            "name": "USN-3754-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3754-1/"
          },
          {
            "name": "RHSA-2018:1062",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2017/12/12/7"
          },
          {
            "name": "RHSA-2018:0676",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0676"
          },
          {
            "name": "DSA-4073",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4073"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.spinics.net/lists/linux-usb/msg163644.html"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          },
          {
            "name": "RHSA-2019:1170",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1170"
          },
          {
            "name": "RHSA-2019:1190",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1190"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-12-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-16T17:40:47",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "name": "DSA-4082",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4082"
        },
        {
          "name": "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html"
        },
        {
          "name": "SUSE-SU-2018:0011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
        },
        {
          "name": "USN-3754-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3754-1/"
        },
        {
          "name": "RHSA-2018:1062",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://openwall.com/lists/oss-security/2017/12/12/7"
        },
        {
          "name": "RHSA-2018:0676",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0676"
        },
        {
          "name": "DSA-4073",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4073"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.spinics.net/lists/linux-usb/msg163644.html"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        },
        {
          "name": "RHSA-2019:1170",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1170"
        },
        {
          "name": "RHSA-2019:1190",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1190"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-17558",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "DSA-4082",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4082"
            },
            {
              "name": "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html"
            },
            {
              "name": "SUSE-SU-2018:0011",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
            },
            {
              "name": "USN-3754-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3754-1/"
            },
            {
              "name": "RHSA-2018:1062",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1062"
            },
            {
              "name": "http://openwall.com/lists/oss-security/2017/12/12/7",
              "refsource": "MISC",
              "url": "http://openwall.com/lists/oss-security/2017/12/12/7"
            },
            {
              "name": "RHSA-2018:0676",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0676"
            },
            {
              "name": "DSA-4073",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4073"
            },
            {
              "name": "https://www.spinics.net/lists/linux-usb/msg163644.html",
              "refsource": "MISC",
              "url": "https://www.spinics.net/lists/linux-usb/msg163644.html"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            },
            {
              "name": "RHSA-2019:1170",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1170"
            },
            {
              "name": "RHSA-2019:1190",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1190"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-17558",
    "datePublished": "2017-12-12T15:00:00",
    "dateReserved": "2017-12-12T00:00:00",
    "dateUpdated": "2024-08-05T20:51:32.189Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-17807 (GCVE-0-2017-17807)

Vulnerability from cvelistv5

Published

2017-12-20 23:00

Modified

2024-08-05 20:59

Severity ?

CWE

n/a

Summary

The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.

References

URL

Tags

	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4dca6ea1d9432052afb06baf2e3ae78188a4410b	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/102301	vdb-entry, x_refsource_BID
	https://usn.ubuntu.com/3617-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2018/dsa-4082	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/3617-3/	vendor-advisory, x_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3632-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3620-2/	vendor-advisory, x_refsource_UBUNTU
	https://github.com/torvalds/linux/commit/4dca6ea1d9432052afb06baf2e3ae78188a4410b	x_refsource_CONFIRM
	https://www.debian.org/security/2017/dsa-4073	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/3617-2/	vendor-advisory, x_refsource_UBUNTU
	https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.6	x_refsource_CONFIRM
	https://usn.ubuntu.com/3620-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:59:17.864Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4dca6ea1d9432052afb06baf2e3ae78188a4410b"
          },
          {
            "name": "102301",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102301"
          },
          {
            "name": "USN-3617-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-1/"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "name": "DSA-4082",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4082"
          },
          {
            "name": "USN-3617-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-3/"
          },
          {
            "name": "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html"
          },
          {
            "name": "USN-3632-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3632-1/"
          },
          {
            "name": "USN-3620-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3620-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/4dca6ea1d9432052afb06baf2e3ae78188a4410b"
          },
          {
            "name": "DSA-4073",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4073"
          },
          {
            "name": "USN-3617-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.6"
          },
          {
            "name": "USN-3620-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3620-1/"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-12-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task\u0027s \"default request-key keyring\" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-24T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4dca6ea1d9432052afb06baf2e3ae78188a4410b"
        },
        {
          "name": "102301",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102301"
        },
        {
          "name": "USN-3617-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-1/"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "name": "DSA-4082",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4082"
        },
        {
          "name": "USN-3617-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-3/"
        },
        {
          "name": "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html"
        },
        {
          "name": "USN-3632-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3632-1/"
        },
        {
          "name": "USN-3620-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3620-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/4dca6ea1d9432052afb06baf2e3ae78188a4410b"
        },
        {
          "name": "DSA-4073",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4073"
        },
        {
          "name": "USN-3617-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.6"
        },
        {
          "name": "USN-3620-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3620-1/"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-17807",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task\u0027s \"default request-key keyring\" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4dca6ea1d9432052afb06baf2e3ae78188a4410b",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4dca6ea1d9432052afb06baf2e3ae78188a4410b"
            },
            {
              "name": "102301",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102301"
            },
            {
              "name": "USN-3617-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-1/"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "DSA-4082",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4082"
            },
            {
              "name": "USN-3617-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-3/"
            },
            {
              "name": "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html"
            },
            {
              "name": "USN-3632-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3632-1/"
            },
            {
              "name": "USN-3620-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3620-2/"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/4dca6ea1d9432052afb06baf2e3ae78188a4410b",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/4dca6ea1d9432052afb06baf2e3ae78188a4410b"
            },
            {
              "name": "DSA-4073",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4073"
            },
            {
              "name": "USN-3617-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-2/"
            },
            {
              "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.6",
              "refsource": "CONFIRM",
              "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.6"
            },
            {
              "name": "USN-3620-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3620-1/"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-17807",
    "datePublished": "2017-12-20T23:00:00",
    "dateReserved": "2017-12-20T00:00:00",
    "dateUpdated": "2024-08-05T20:59:17.864Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-17805 (GCVE-0-2017-17805)

Vulnerability from cvelistv5

Published

2017-12-20 23:00

Modified

2024-08-05 20:59

Severity ?

CWE

n/a

Summary

The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2018:3083	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3617-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2018/dsa-4082	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/3617-3/	vendor-advisory, x_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html	vendor-advisory, x_refsource_SUSE
	https://usn.ubuntu.com/3632-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3620-2/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/102291	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2018:2948	vendor-advisory, x_refsource_REDHAT
	https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html	vendor-advisory, x_refsource_SUSE
	https://www.debian.org/security/2017/dsa-4073	vendor-advisory, x_refsource_DEBIAN
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ecaaab5649781c5a0effdaf298a925063020500e	x_refsource_CONFIRM
	https://usn.ubuntu.com/3617-2/	vendor-advisory, x_refsource_UBUNTU
	https://github.com/torvalds/linux/commit/ecaaab5649781c5a0effdaf298a925063020500e	x_refsource_CONFIRM
	https://usn.ubuntu.com/3620-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:3096	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html	vendor-advisory, x_refsource_SUSE
	https://access.redhat.com/errata/RHSA-2019:2473	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:59:17.879Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:3083",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3083"
          },
          {
            "name": "USN-3617-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-1/"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "name": "DSA-4082",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4082"
          },
          {
            "name": "USN-3617-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-3/"
          },
          {
            "name": "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html"
          },
          {
            "name": "SUSE-SU-2018:0012",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
          },
          {
            "name": "SUSE-SU-2018:0011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
          },
          {
            "name": "USN-3632-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3632-1/"
          },
          {
            "name": "USN-3620-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3620-2/"
          },
          {
            "name": "openSUSE-SU-2018:0022",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
          },
          {
            "name": "102291",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102291"
          },
          {
            "name": "RHSA-2018:2948",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2948"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
          },
          {
            "name": "SUSE-SU-2018:0010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
          },
          {
            "name": "DSA-4073",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4073"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ecaaab5649781c5a0effdaf298a925063020500e"
          },
          {
            "name": "USN-3617-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/ecaaab5649781c5a0effdaf298a925063020500e"
          },
          {
            "name": "USN-3620-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3620-1/"
          },
          {
            "name": "RHSA-2018:3096",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3096"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          },
          {
            "name": "openSUSE-SU-2018:0023",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
          },
          {
            "name": "RHSA-2019:2473",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2473"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-12-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-13T17:06:08",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2018:3083",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3083"
        },
        {
          "name": "USN-3617-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-1/"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "name": "DSA-4082",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4082"
        },
        {
          "name": "USN-3617-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-3/"
        },
        {
          "name": "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html"
        },
        {
          "name": "SUSE-SU-2018:0012",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
        },
        {
          "name": "SUSE-SU-2018:0011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
        },
        {
          "name": "USN-3632-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3632-1/"
        },
        {
          "name": "USN-3620-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3620-2/"
        },
        {
          "name": "openSUSE-SU-2018:0022",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
        },
        {
          "name": "102291",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102291"
        },
        {
          "name": "RHSA-2018:2948",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2948"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
        },
        {
          "name": "SUSE-SU-2018:0010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
        },
        {
          "name": "DSA-4073",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4073"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ecaaab5649781c5a0effdaf298a925063020500e"
        },
        {
          "name": "USN-3617-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/ecaaab5649781c5a0effdaf298a925063020500e"
        },
        {
          "name": "USN-3620-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3620-1/"
        },
        {
          "name": "RHSA-2018:3096",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3096"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        },
        {
          "name": "openSUSE-SU-2018:0023",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
        },
        {
          "name": "RHSA-2019:2473",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2473"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-17805",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:3083",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3083"
            },
            {
              "name": "USN-3617-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-1/"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "DSA-4082",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4082"
            },
            {
              "name": "USN-3617-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-3/"
            },
            {
              "name": "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html"
            },
            {
              "name": "SUSE-SU-2018:0012",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
            },
            {
              "name": "SUSE-SU-2018:0011",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
            },
            {
              "name": "USN-3632-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3632-1/"
            },
            {
              "name": "USN-3620-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3620-2/"
            },
            {
              "name": "openSUSE-SU-2018:0022",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
            },
            {
              "name": "102291",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102291"
            },
            {
              "name": "RHSA-2018:2948",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2948"
            },
            {
              "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8",
              "refsource": "CONFIRM",
              "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
            },
            {
              "name": "SUSE-SU-2018:0010",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
            },
            {
              "name": "DSA-4073",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4073"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ecaaab5649781c5a0effdaf298a925063020500e",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ecaaab5649781c5a0effdaf298a925063020500e"
            },
            {
              "name": "USN-3617-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-2/"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/ecaaab5649781c5a0effdaf298a925063020500e",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/ecaaab5649781c5a0effdaf298a925063020500e"
            },
            {
              "name": "USN-3620-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3620-1/"
            },
            {
              "name": "RHSA-2018:3096",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3096"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            },
            {
              "name": "openSUSE-SU-2018:0023",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
            },
            {
              "name": "RHSA-2019:2473",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2473"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-17805",
    "datePublished": "2017-12-20T23:00:00",
    "dateReserved": "2017-12-20T00:00:00",
    "dateUpdated": "2024-08-05T20:59:17.879Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-16647 (GCVE-0-2017-16647)

Vulnerability from cvelistv5

Published

2017-11-07 23:00

Modified

2024-08-05 20:27

Severity ?

CWE

n/a

Summary

drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.

References

URL

Tags

	https://usn.ubuntu.com/3617-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3617-3/	vendor-advisory, x_refsource_UBUNTU
	https://groups.google.com/d/msg/syzkaller/_9a6pd-p_0E/OnmnplQuAgAJ	x_refsource_MISC
	https://patchwork.ozlabs.org/patch/834686/	x_refsource_MISC
	http://www.securityfocus.com/bid/101767	vdb-entry, x_refsource_BID
	https://usn.ubuntu.com/3617-2/	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:27:04.356Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3617-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-1/"
          },
          {
            "name": "USN-3617-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-3/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/d/msg/syzkaller/_9a6pd-p_0E/OnmnplQuAgAJ"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://patchwork.ozlabs.org/patch/834686/"
          },
          {
            "name": "101767",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101767"
          },
          {
            "name": "USN-3617-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-2/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-11-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-05T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3617-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-1/"
        },
        {
          "name": "USN-3617-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-3/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/d/msg/syzkaller/_9a6pd-p_0E/OnmnplQuAgAJ"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://patchwork.ozlabs.org/patch/834686/"
        },
        {
          "name": "101767",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101767"
        },
        {
          "name": "USN-3617-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-2/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-16647",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3617-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-1/"
            },
            {
              "name": "USN-3617-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-3/"
            },
            {
              "name": "https://groups.google.com/d/msg/syzkaller/_9a6pd-p_0E/OnmnplQuAgAJ",
              "refsource": "MISC",
              "url": "https://groups.google.com/d/msg/syzkaller/_9a6pd-p_0E/OnmnplQuAgAJ"
            },
            {
              "name": "https://patchwork.ozlabs.org/patch/834686/",
              "refsource": "MISC",
              "url": "https://patchwork.ozlabs.org/patch/834686/"
            },
            {
              "name": "101767",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101767"
            },
            {
              "name": "USN-3617-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-2/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-16647",
    "datePublished": "2017-11-07T23:00:00",
    "dateReserved": "2017-11-07T00:00:00",
    "dateUpdated": "2024-08-05T20:27:04.356Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-11089 (GCVE-0-2017-11089)

Vulnerability from cvelistv5

Published

2017-11-16 22:00

Modified

2024-09-16 21:03

Severity ?

CWE

Buffer Over-read in WLAN

Summary

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes

References

URL

Tags

	https://usn.ubuntu.com/3620-2/	vendor-advisory, x_refsource_UBUNTU
	https://source.android.com/security/bulletin/pixel/2017-11-01	x_refsource_CONFIRM
	https://usn.ubuntu.com/3620-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	Qualcomm, Inc.	Android for MSM, Firefox OS for MSM, QRD Android	Version: All Android releases from CAF using the Linux kernel

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:57:57.587Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3620-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3620-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
          },
          {
            "name": "USN-3620-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3620-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Android for MSM, Firefox OS for MSM, QRD Android",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "All Android releases from CAF using the Linux kernel"
            }
          ]
        }
      ],
      "datePublic": "2017-11-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Buffer Over-read in WLAN",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-05T09:57:01",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "name": "USN-3620-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3620-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
        },
        {
          "name": "USN-3620-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3620-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@qualcomm.com",
          "DATE_PUBLIC": "2017-11-01T00:00:00",
          "ID": "CVE-2017-11089",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All Android releases from CAF using the Linux kernel"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Qualcomm, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Buffer Over-read in WLAN"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3620-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3620-2/"
            },
            {
              "name": "https://source.android.com/security/bulletin/pixel/2017-11-01",
              "refsource": "CONFIRM",
              "url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
            },
            {
              "name": "USN-3620-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3620-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2017-11089",
    "datePublished": "2017-11-16T22:00:00Z",
    "dateReserved": "2017-07-07T00:00:00",
    "dateUpdated": "2024-09-16T21:03:37.824Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-16532 (GCVE-0-2017-16532)

Vulnerability from cvelistv5

Published

2017-11-04 01:00

Modified

2024-08-05 20:27

Severity ?

CWE

n/a

Summary

The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.

References

URL

Tags

	https://usn.ubuntu.com/3617-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3617-3/	vendor-advisory, x_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3754-1/	vendor-advisory, x_refsource_UBUNTU
	https://github.com/torvalds/linux/commit/7c80f9e4a588f1925b07134bb2e3689335f6c6d8	x_refsource_MISC
	https://groups.google.com/d/msg/syzkaller/l3870gs3LhA/y79DYQdFBAAJ	x_refsource_MISC
	https://usn.ubuntu.com/3617-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:27:04.137Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3617-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-1/"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "name": "USN-3617-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-3/"
          },
          {
            "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
          },
          {
            "name": "USN-3754-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3754-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/7c80f9e4a588f1925b07134bb2e3689335f6c6d8"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/d/msg/syzkaller/l3870gs3LhA/y79DYQdFBAAJ"
          },
          {
            "name": "USN-3617-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-2/"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-24T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3617-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-1/"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "name": "USN-3617-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-3/"
        },
        {
          "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
        },
        {
          "name": "USN-3754-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3754-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/7c80f9e4a588f1925b07134bb2e3689335f6c6d8"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/d/msg/syzkaller/l3870gs3LhA/y79DYQdFBAAJ"
        },
        {
          "name": "USN-3617-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-2/"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-16532",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3617-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-1/"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "USN-3617-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-3/"
            },
            {
              "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
            },
            {
              "name": "USN-3754-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3754-1/"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/7c80f9e4a588f1925b07134bb2e3689335f6c6d8",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/7c80f9e4a588f1925b07134bb2e3689335f6c6d8"
            },
            {
              "name": "https://groups.google.com/d/msg/syzkaller/l3870gs3LhA/y79DYQdFBAAJ",
              "refsource": "MISC",
              "url": "https://groups.google.com/d/msg/syzkaller/l3870gs3LhA/y79DYQdFBAAJ"
            },
            {
              "name": "USN-3617-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-2/"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-16532",
    "datePublished": "2017-11-04T01:00:00",
    "dateReserved": "2017-11-03T00:00:00",
    "dateUpdated": "2024-08-05T20:27:04.137Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-17806 (GCVE-0-2017-17806)

Vulnerability from cvelistv5

Published

2017-12-20 23:00

Modified

2024-08-05 20:59

Severity ?

CWE

n/a

Summary

The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.

References

URL

Tags

	https://usn.ubuntu.com/3617-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2018/dsa-4082	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/3617-3/	vendor-advisory, x_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html	vendor-advisory, x_refsource_SUSE
	https://usn.ubuntu.com/3583-2/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html	vendor-advisory, x_refsource_SUSE
	https://github.com/torvalds/linux/commit/af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1	x_refsource_CONFIRM
	https://usn.ubuntu.com/3632-1/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/102293	vdb-entry, x_refsource_BID
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:2948	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3583-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html	vendor-advisory, x_refsource_SUSE
	https://www.debian.org/security/2017/dsa-4073	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/3617-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:59:17.961Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3617-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-1/"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "name": "DSA-4082",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4082"
          },
          {
            "name": "USN-3617-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-3/"
          },
          {
            "name": "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html"
          },
          {
            "name": "SUSE-SU-2018:0012",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
          },
          {
            "name": "USN-3583-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3583-2/"
          },
          {
            "name": "SUSE-SU-2018:0011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1"
          },
          {
            "name": "USN-3632-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3632-1/"
          },
          {
            "name": "openSUSE-SU-2018:0022",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
          },
          {
            "name": "102293",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102293"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1"
          },
          {
            "name": "RHSA-2018:2948",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2948"
          },
          {
            "name": "USN-3583-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3583-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
          },
          {
            "name": "SUSE-SU-2018:0010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
          },
          {
            "name": "DSA-4073",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4073"
          },
          {
            "name": "USN-3617-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-2/"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          },
          {
            "name": "openSUSE-SU-2018:0023",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-12-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-31T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3617-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-1/"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "name": "DSA-4082",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4082"
        },
        {
          "name": "USN-3617-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-3/"
        },
        {
          "name": "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html"
        },
        {
          "name": "SUSE-SU-2018:0012",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
        },
        {
          "name": "USN-3583-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3583-2/"
        },
        {
          "name": "SUSE-SU-2018:0011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1"
        },
        {
          "name": "USN-3632-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3632-1/"
        },
        {
          "name": "openSUSE-SU-2018:0022",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
        },
        {
          "name": "102293",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102293"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1"
        },
        {
          "name": "RHSA-2018:2948",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2948"
        },
        {
          "name": "USN-3583-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3583-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
        },
        {
          "name": "SUSE-SU-2018:0010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
        },
        {
          "name": "DSA-4073",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4073"
        },
        {
          "name": "USN-3617-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-2/"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        },
        {
          "name": "openSUSE-SU-2018:0023",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-17806",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3617-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-1/"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "DSA-4082",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4082"
            },
            {
              "name": "USN-3617-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-3/"
            },
            {
              "name": "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html"
            },
            {
              "name": "SUSE-SU-2018:0012",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
            },
            {
              "name": "USN-3583-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3583-2/"
            },
            {
              "name": "SUSE-SU-2018:0011",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1"
            },
            {
              "name": "USN-3632-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3632-1/"
            },
            {
              "name": "openSUSE-SU-2018:0022",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
            },
            {
              "name": "102293",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102293"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1"
            },
            {
              "name": "RHSA-2018:2948",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2948"
            },
            {
              "name": "USN-3583-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3583-1/"
            },
            {
              "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8",
              "refsource": "CONFIRM",
              "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
            },
            {
              "name": "SUSE-SU-2018:0010",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
            },
            {
              "name": "DSA-4073",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4073"
            },
            {
              "name": "USN-3617-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-2/"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            },
            {
              "name": "openSUSE-SU-2018:0023",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-17806",
    "datePublished": "2017-12-20T23:00:00",
    "dateReserved": "2017-12-20T00:00:00",
    "dateUpdated": "2024-08-05T20:59:17.961Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-16913 (GCVE-0-2017-16913)

Vulnerability from cvelistv5

Published

2018-01-31 22:00

Modified

2024-09-16 19:47

Severity ?

CWE

Denial of service (arbitrary memory allocation)

Summary

The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet.

References

URL

Tags

	https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/	x_refsource_MISC
	https://www.debian.org/security/2018/dsa-4187	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://secuniaresearch.flexerasoftware.com/advisories/80601/	x_refsource_MISC
	https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114	x_refsource_MISC
	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=c6688ef9f29762e65bce325ef4acd6c675806366	x_refsource_MISC
	https://www.spinics.net/lists/linux-usb/msg163480.html	x_refsource_MISC
	https://usn.ubuntu.com/3754-1/	vendor-advisory, x_refsource_UBUNTU
	https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8	x_refsource_MISC
	http://www.securityfocus.com/bid/102150	vdb-entry, x_refsource_BID
	https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	Flexera Software LLC	Linux Kernel	Version: Before version 4.14.8, 4.9.71, and 4.4.114

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:35:21.278Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/"
          },
          {
            "name": "DSA-4187",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4187"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://secuniaresearch.flexerasoftware.com/advisories/80601/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=c6688ef9f29762e65bce325ef4acd6c675806366"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.spinics.net/lists/linux-usb/msg163480.html"
          },
          {
            "name": "USN-3754-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3754-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
          },
          {
            "name": "102150",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102150"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71"
          },
          {
            "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Linux Kernel",
          "vendor": "Flexera Software LLC",
          "versions": [
            {
              "status": "affected",
              "version": "Before version 4.14.8, 4.9.71, and 4.4.114"
            }
          ]
        }
      ],
      "datePublic": "2018-01-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The \"stub_recv_cmd_submit()\" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of service (arbitrary memory allocation)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-24T09:57:01",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/"
        },
        {
          "name": "DSA-4187",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4187"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://secuniaresearch.flexerasoftware.com/advisories/80601/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=c6688ef9f29762e65bce325ef4acd6c675806366"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.spinics.net/lists/linux-usb/msg163480.html"
        },
        {
          "name": "USN-3754-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3754-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
        },
        {
          "name": "102150",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102150"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71"
        },
        {
          "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "DATE_PUBLIC": "2018-01-31T00:00:00",
          "ID": "CVE-2017-16913",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Linux Kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Before version 4.14.8, 4.9.71, and 4.4.114"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Flexera Software LLC"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The \"stub_recv_cmd_submit()\" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of service (arbitrary memory allocation)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/",
              "refsource": "MISC",
              "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/"
            },
            {
              "name": "DSA-4187",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4187"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "https://secuniaresearch.flexerasoftware.com/advisories/80601/",
              "refsource": "MISC",
              "url": "https://secuniaresearch.flexerasoftware.com/advisories/80601/"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=c6688ef9f29762e65bce325ef4acd6c675806366",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=c6688ef9f29762e65bce325ef4acd6c675806366"
            },
            {
              "name": "https://www.spinics.net/lists/linux-usb/msg163480.html",
              "refsource": "MISC",
              "url": "https://www.spinics.net/lists/linux-usb/msg163480.html"
            },
            {
              "name": "USN-3754-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3754-1/"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
            },
            {
              "name": "102150",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102150"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71"
            },
            {
              "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2017-16913",
    "datePublished": "2018-01-31T22:00:00Z",
    "dateReserved": "2017-11-21T00:00:00",
    "dateUpdated": "2024-09-16T19:47:31.753Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-16537 (GCVE-0-2017-16537)

Vulnerability from cvelistv5

Published

2017-11-04 01:00

Modified

2024-08-05 20:27

Severity ?

CWE

n/a

Summary

The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.

References

URL

Tags

	https://usn.ubuntu.com/3617-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://patchwork.kernel.org/patch/9994017/	x_refsource_MISC
	https://groups.google.com/d/msg/syzkaller/bBFN8imrjjo/-5jCl8EiCQAJ	x_refsource_MISC
	https://usn.ubuntu.com/3617-3/	vendor-advisory, x_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3754-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3617-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:27:03.881Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3617-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-1/"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://patchwork.kernel.org/patch/9994017/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/d/msg/syzkaller/bBFN8imrjjo/-5jCl8EiCQAJ"
          },
          {
            "name": "USN-3617-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-3/"
          },
          {
            "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
          },
          {
            "name": "USN-3754-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3754-1/"
          },
          {
            "name": "USN-3617-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-2/"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-24T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3617-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-1/"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://patchwork.kernel.org/patch/9994017/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/d/msg/syzkaller/bBFN8imrjjo/-5jCl8EiCQAJ"
        },
        {
          "name": "USN-3617-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-3/"
        },
        {
          "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
        },
        {
          "name": "USN-3754-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3754-1/"
        },
        {
          "name": "USN-3617-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-2/"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-16537",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3617-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-1/"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "https://patchwork.kernel.org/patch/9994017/",
              "refsource": "MISC",
              "url": "https://patchwork.kernel.org/patch/9994017/"
            },
            {
              "name": "https://groups.google.com/d/msg/syzkaller/bBFN8imrjjo/-5jCl8EiCQAJ",
              "refsource": "MISC",
              "url": "https://groups.google.com/d/msg/syzkaller/bBFN8imrjjo/-5jCl8EiCQAJ"
            },
            {
              "name": "USN-3617-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-3/"
            },
            {
              "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
            },
            {
              "name": "USN-3754-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3754-1/"
            },
            {
              "name": "USN-3617-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-2/"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-16537",
    "datePublished": "2017-11-04T01:00:00",
    "dateReserved": "2017-11-03T00:00:00",
    "dateUpdated": "2024-08-05T20:27:03.881Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1000026 (GCVE-0-2018-1000026)

Vulnerability from cvelistv5

Published

2018-02-09 23:00

Modified

2024-08-05 12:33

Severity ?

CWE

n/a

Summary

Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM..

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2018:3083	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3617-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3617-3/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3632-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3620-2/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2948	vendor-advisory, x_refsource_REDHAT
	https://patchwork.ozlabs.org/patch/859410/	x_refsource_MISC
	http://lists.openwall.net/netdev/2018/01/16/40	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3617-2/	vendor-advisory, x_refsource_UBUNTU
	http://lists.openwall.net/netdev/2018/01/18/96	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3620-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:3096	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:33:48.963Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:3083",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3083"
          },
          {
            "name": "USN-3617-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-1/"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "name": "USN-3617-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-3/"
          },
          {
            "name": "USN-3632-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3632-1/"
          },
          {
            "name": "USN-3620-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3620-2/"
          },
          {
            "name": "RHSA-2018:2948",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2948"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://patchwork.ozlabs.org/patch/859410/"
          },
          {
            "name": "[netdev] 20180116 http://lists.openwall.net/netdev/2018/01/16/40",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.openwall.net/netdev/2018/01/16/40"
          },
          {
            "name": "USN-3617-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-2/"
          },
          {
            "name": "[netdev] 20180118 http://lists.openwall.net/netdev/2018/01/18/96",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.openwall.net/netdev/2018/01/18/96"
          },
          {
            "name": "USN-3620-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3620-1/"
          },
          {
            "name": "RHSA-2018:3096",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3096"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          },
          {
            "name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2018-01-18T00:00:00",
      "datePublic": "2018-01-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM.."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-03T11:06:03",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2018:3083",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3083"
        },
        {
          "name": "USN-3617-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-1/"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "name": "USN-3617-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-3/"
        },
        {
          "name": "USN-3632-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3632-1/"
        },
        {
          "name": "USN-3620-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3620-2/"
        },
        {
          "name": "RHSA-2018:2948",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2948"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://patchwork.ozlabs.org/patch/859410/"
        },
        {
          "name": "[netdev] 20180116 http://lists.openwall.net/netdev/2018/01/16/40",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.openwall.net/netdev/2018/01/16/40"
        },
        {
          "name": "USN-3617-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-2/"
        },
        {
          "name": "[netdev] 20180118 http://lists.openwall.net/netdev/2018/01/18/96",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.openwall.net/netdev/2018/01/18/96"
        },
        {
          "name": "USN-3620-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3620-1/"
        },
        {
          "name": "RHSA-2018:3096",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3096"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        },
        {
          "name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "1/18/2018 7:01:42",
          "ID": "CVE-2018-1000026",
          "REQUESTER": "dja@axtens.net",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM.."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:3083",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3083"
            },
            {
              "name": "USN-3617-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-1/"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "USN-3617-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-3/"
            },
            {
              "name": "USN-3632-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3632-1/"
            },
            {
              "name": "USN-3620-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3620-2/"
            },
            {
              "name": "RHSA-2018:2948",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2948"
            },
            {
              "name": "https://patchwork.ozlabs.org/patch/859410/",
              "refsource": "MISC",
              "url": "https://patchwork.ozlabs.org/patch/859410/"
            },
            {
              "name": "[netdev] 20180116 http://lists.openwall.net/netdev/2018/01/16/40",
              "refsource": "MLIST",
              "url": "http://lists.openwall.net/netdev/2018/01/16/40"
            },
            {
              "name": "USN-3617-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-2/"
            },
            {
              "name": "[netdev] 20180118 http://lists.openwall.net/netdev/2018/01/18/96",
              "refsource": "MLIST",
              "url": "http://lists.openwall.net/netdev/2018/01/18/96"
            },
            {
              "name": "USN-3620-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3620-1/"
            },
            {
              "name": "RHSA-2018:3096",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3096"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            },
            {
              "name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-1000026",
    "datePublished": "2018-02-09T23:00:00",
    "dateReserved": "2018-01-29T00:00:00",
    "dateUpdated": "2024-08-05T12:33:48.963Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-5344 (GCVE-0-2018-5344)

Vulnerability from cvelistv5

Published

2018-01-12 09:00

Modified

2024-08-05 05:33

Severity ?

CWE

n/a

Summary

In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2018:3083	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3617-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3617-3/	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/102503	vdb-entry, x_refsource_BID
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5	x_refsource_MISC
	https://usn.ubuntu.com/3583-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3632-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2948	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3583-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3617-2/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:3096	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU
	https://github.com/torvalds/linux/commit/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:33:43.863Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:3083",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3083"
          },
          {
            "name": "USN-3617-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-1/"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "name": "USN-3617-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-3/"
          },
          {
            "name": "102503",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102503"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5"
          },
          {
            "name": "USN-3583-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3583-2/"
          },
          {
            "name": "USN-3632-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3632-1/"
          },
          {
            "name": "RHSA-2018:2948",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2948"
          },
          {
            "name": "USN-3583-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3583-1/"
          },
          {
            "name": "USN-3617-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-2/"
          },
          {
            "name": "RHSA-2018:3096",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3096"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-01-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-31T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2018:3083",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3083"
        },
        {
          "name": "USN-3617-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-1/"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "name": "USN-3617-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-3/"
        },
        {
          "name": "102503",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102503"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5"
        },
        {
          "name": "USN-3583-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3583-2/"
        },
        {
          "name": "USN-3632-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3632-1/"
        },
        {
          "name": "RHSA-2018:2948",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2948"
        },
        {
          "name": "USN-3583-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3583-1/"
        },
        {
          "name": "USN-3617-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-2/"
        },
        {
          "name": "RHSA-2018:3096",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3096"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-5344",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:3083",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3083"
            },
            {
              "name": "USN-3617-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-1/"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "USN-3617-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-3/"
            },
            {
              "name": "102503",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102503"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5",
              "refsource": "MISC",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5"
            },
            {
              "name": "USN-3583-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3583-2/"
            },
            {
              "name": "USN-3632-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3632-1/"
            },
            {
              "name": "RHSA-2018:2948",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2948"
            },
            {
              "name": "USN-3583-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3583-1/"
            },
            {
              "name": "USN-3617-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-2/"
            },
            {
              "name": "RHSA-2018:3096",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3096"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-5344",
    "datePublished": "2018-01-12T09:00:00",
    "dateReserved": "2018-01-11T00:00:00",
    "dateUpdated": "2024-08-05T05:33:43.863Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-16650 (GCVE-0-2017-16650)

Vulnerability from cvelistv5

Published

2017-11-07 23:00

Modified

2024-08-05 20:27

Severity ?

CWE

n/a

Summary

The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.

References

URL

Tags

	https://usn.ubuntu.com/3617-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3617-3/	vendor-advisory, x_refsource_UBUNTU
	https://patchwork.ozlabs.org/patch/834770/	x_refsource_MISC
	https://usn.ubuntu.com/3754-1/	vendor-advisory, x_refsource_UBUNTU
	https://groups.google.com/d/msg/syzkaller/0e0gmaX9R0g/9Me9JcY2BQAJ	x_refsource_MISC
	http://www.securityfocus.com/bid/101791	vdb-entry, x_refsource_BID
	https://usn.ubuntu.com/3617-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:27:04.313Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3617-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-1/"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "name": "USN-3617-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-3/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://patchwork.ozlabs.org/patch/834770/"
          },
          {
            "name": "USN-3754-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3754-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/d/msg/syzkaller/0e0gmaX9R0g/9Me9JcY2BQAJ"
          },
          {
            "name": "101791",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101791"
          },
          {
            "name": "USN-3617-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-2/"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-11-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-24T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3617-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-1/"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "name": "USN-3617-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-3/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://patchwork.ozlabs.org/patch/834770/"
        },
        {
          "name": "USN-3754-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3754-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/d/msg/syzkaller/0e0gmaX9R0g/9Me9JcY2BQAJ"
        },
        {
          "name": "101791",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101791"
        },
        {
          "name": "USN-3617-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-2/"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-16650",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3617-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-1/"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "USN-3617-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-3/"
            },
            {
              "name": "https://patchwork.ozlabs.org/patch/834770/",
              "refsource": "MISC",
              "url": "https://patchwork.ozlabs.org/patch/834770/"
            },
            {
              "name": "USN-3754-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3754-1/"
            },
            {
              "name": "https://groups.google.com/d/msg/syzkaller/0e0gmaX9R0g/9Me9JcY2BQAJ",
              "refsource": "MISC",
              "url": "https://groups.google.com/d/msg/syzkaller/0e0gmaX9R0g/9Me9JcY2BQAJ"
            },
            {
              "name": "101791",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101791"
            },
            {
              "name": "USN-3617-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-2/"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-16650",
    "datePublished": "2017-11-07T23:00:00",
    "dateReserved": "2017-11-07T00:00:00",
    "dateUpdated": "2024-08-05T20:27:04.313Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-5332 (GCVE-0-2018-5332)

Vulnerability from cvelistv5

Published

2018-01-11 07:00

Modified

2024-08-05 05:33

Severity ?

CWE

n/a

Summary

In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).

References

URL

Tags

	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c095508770aebf1b9218e77026e48345d719b17c	x_refsource_CONFIRM
	https://www.debian.org/security/2018/dsa-4187	vendor-advisory, x_refsource_DEBIAN
	https://github.com/torvalds/linux/commit/c095508770aebf1b9218e77026e48345d719b17c	x_refsource_CONFIRM
	https://usn.ubuntu.com/3617-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3617-3/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3632-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3620-2/	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/102507	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2018:0470	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3617-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3620-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU
	https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=60daca9efbb3e4109ebc1f7069543e5573fc124e	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:33:43.754Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c095508770aebf1b9218e77026e48345d719b17c"
          },
          {
            "name": "DSA-4187",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4187"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/c095508770aebf1b9218e77026e48345d719b17c"
          },
          {
            "name": "USN-3617-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-1/"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "name": "USN-3617-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-3/"
          },
          {
            "name": "USN-3632-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3632-1/"
          },
          {
            "name": "USN-3620-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3620-2/"
          },
          {
            "name": "102507",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102507"
          },
          {
            "name": "RHSA-2018:0470",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0470"
          },
          {
            "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
          },
          {
            "name": "USN-3617-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-2/"
          },
          {
            "name": "USN-3620-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3620-1/"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=60daca9efbb3e4109ebc1f7069543e5573fc124e"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-01-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-05T20:14:35",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c095508770aebf1b9218e77026e48345d719b17c"
        },
        {
          "name": "DSA-4187",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4187"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/c095508770aebf1b9218e77026e48345d719b17c"
        },
        {
          "name": "USN-3617-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-1/"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "name": "USN-3617-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-3/"
        },
        {
          "name": "USN-3632-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3632-1/"
        },
        {
          "name": "USN-3620-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3620-2/"
        },
        {
          "name": "102507",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102507"
        },
        {
          "name": "RHSA-2018:0470",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0470"
        },
        {
          "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
        },
        {
          "name": "USN-3617-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-2/"
        },
        {
          "name": "USN-3620-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3620-1/"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=60daca9efbb3e4109ebc1f7069543e5573fc124e"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-5332",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c095508770aebf1b9218e77026e48345d719b17c",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c095508770aebf1b9218e77026e48345d719b17c"
            },
            {
              "name": "DSA-4187",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4187"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/c095508770aebf1b9218e77026e48345d719b17c",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/c095508770aebf1b9218e77026e48345d719b17c"
            },
            {
              "name": "USN-3617-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-1/"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "USN-3617-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-3/"
            },
            {
              "name": "USN-3632-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3632-1/"
            },
            {
              "name": "USN-3620-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3620-2/"
            },
            {
              "name": "102507",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102507"
            },
            {
              "name": "RHSA-2018:0470",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0470"
            },
            {
              "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
            },
            {
              "name": "USN-3617-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-2/"
            },
            {
              "name": "USN-3620-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3620-1/"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=60daca9efbb3e4109ebc1f7069543e5573fc124e",
              "refsource": "CONFIRM",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=60daca9efbb3e4109ebc1f7069543e5573fc124e"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-5332",
    "datePublished": "2018-01-11T07:00:00",
    "dateReserved": "2018-01-11T00:00:00",
    "dateUpdated": "2024-08-05T05:33:43.754Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-5333 (GCVE-0-2018-5333)

Vulnerability from cvelistv5

Published

2018-01-11 07:00

Modified

2024-08-05 05:33

Severity ?

CWE

n/a

Summary

In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.

References

URL

Tags

	https://www.debian.org/security/2018/dsa-4187	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/3617-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3617-3/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3583-2/	vendor-advisory, x_refsource_UBUNTU
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d11f77f84b27cef452cee332f4e469503084737	x_refsource_CONFIRM
	https://usn.ubuntu.com/3632-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3583-1/	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/102510	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2018:0470	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3617-2/	vendor-advisory, x_refsource_UBUNTU
	https://github.com/torvalds/linux/commit/7d11f77f84b27cef452cee332f4e469503084737	x_refsource_CONFIRM
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU
	http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:33:43.683Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4187",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4187"
          },
          {
            "name": "USN-3617-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-1/"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "name": "USN-3617-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-3/"
          },
          {
            "name": "USN-3583-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3583-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d11f77f84b27cef452cee332f4e469503084737"
          },
          {
            "name": "USN-3632-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3632-1/"
          },
          {
            "name": "USN-3583-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3583-1/"
          },
          {
            "name": "102510",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102510"
          },
          {
            "name": "RHSA-2018:0470",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0470"
          },
          {
            "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
          },
          {
            "name": "USN-3617-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/7d11f77f84b27cef452cee332f4e469503084737"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-01-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-22T18:06:29",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4187",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4187"
        },
        {
          "name": "USN-3617-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-1/"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "name": "USN-3617-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-3/"
        },
        {
          "name": "USN-3583-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3583-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d11f77f84b27cef452cee332f4e469503084737"
        },
        {
          "name": "USN-3632-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3632-1/"
        },
        {
          "name": "USN-3583-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3583-1/"
        },
        {
          "name": "102510",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102510"
        },
        {
          "name": "RHSA-2018:0470",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0470"
        },
        {
          "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
        },
        {
          "name": "USN-3617-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/7d11f77f84b27cef452cee332f4e469503084737"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-5333",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4187",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4187"
            },
            {
              "name": "USN-3617-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-1/"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "USN-3617-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-3/"
            },
            {
              "name": "USN-3583-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3583-2/"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d11f77f84b27cef452cee332f4e469503084737",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d11f77f84b27cef452cee332f4e469503084737"
            },
            {
              "name": "USN-3632-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3632-1/"
            },
            {
              "name": "USN-3583-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3583-1/"
            },
            {
              "name": "102510",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102510"
            },
            {
              "name": "RHSA-2018:0470",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0470"
            },
            {
              "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
            },
            {
              "name": "USN-3617-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-2/"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/7d11f77f84b27cef452cee332f4e469503084737",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/7d11f77f84b27cef452cee332f4e469503084737"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            },
            {
              "name": "http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-5333",
    "datePublished": "2018-01-11T07:00:00",
    "dateReserved": "2018-01-11T00:00:00",
    "dateUpdated": "2024-08-05T05:33:43.683Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-16911 (GCVE-0-2017-16911)

Vulnerability from cvelistv5

Published

2018-01-31 22:00

Modified

2024-09-16 23:06

Severity ?

CWE

Kernel memory address disclosure

Summary

The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP.

References

URL

Tags

	https://www.debian.org/security/2018/dsa-4187	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114	x_refsource_MISC
	https://secuniaresearch.flexerasoftware.com/advisories/80454/	x_refsource_MISC
	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=2f2d0088eb93db5c649d2a5e34a3800a8a935fc5	x_refsource_MISC
	https://www.spinics.net/lists/linux-usb/msg163480.html	x_refsource_MISC
	https://usn.ubuntu.com/3754-1/	vendor-advisory, x_refsource_UBUNTU
	https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8	x_refsource_MISC
	http://www.securityfocus.com/bid/102156	vdb-entry, x_refsource_BID
	https://secuniaresearch.flexerasoftware.com/secunia_research/2017-20/	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	Flexera Software LLC	Linux Kernel	Version: Before version 4.14.8 and 4.4.114

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:35:21.345Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4187",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4187"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://secuniaresearch.flexerasoftware.com/advisories/80454/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=2f2d0088eb93db5c649d2a5e34a3800a8a935fc5"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.spinics.net/lists/linux-usb/msg163480.html"
          },
          {
            "name": "USN-3754-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3754-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
          },
          {
            "name": "102156",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102156"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-20/"
          },
          {
            "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Linux Kernel",
          "vendor": "Flexera Software LLC",
          "versions": [
            {
              "status": "affected",
              "version": "Before version 4.14.8 and 4.4.114"
            }
          ]
        }
      ],
      "datePublic": "2018-01-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Kernel memory address disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-24T09:57:01",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "DSA-4187",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4187"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://secuniaresearch.flexerasoftware.com/advisories/80454/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=2f2d0088eb93db5c649d2a5e34a3800a8a935fc5"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.spinics.net/lists/linux-usb/msg163480.html"
        },
        {
          "name": "USN-3754-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3754-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
        },
        {
          "name": "102156",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102156"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-20/"
        },
        {
          "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "DATE_PUBLIC": "2018-01-31T00:00:00",
          "ID": "CVE-2017-16911",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Linux Kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Before version 4.14.8 and 4.4.114"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Flexera Software LLC"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Kernel memory address disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4187",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4187"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114"
            },
            {
              "name": "https://secuniaresearch.flexerasoftware.com/advisories/80454/",
              "refsource": "MISC",
              "url": "https://secuniaresearch.flexerasoftware.com/advisories/80454/"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=2f2d0088eb93db5c649d2a5e34a3800a8a935fc5",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=2f2d0088eb93db5c649d2a5e34a3800a8a935fc5"
            },
            {
              "name": "https://www.spinics.net/lists/linux-usb/msg163480.html",
              "refsource": "MISC",
              "url": "https://www.spinics.net/lists/linux-usb/msg163480.html"
            },
            {
              "name": "USN-3754-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3754-1/"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
            },
            {
              "name": "102156",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102156"
            },
            {
              "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-20/",
              "refsource": "MISC",
              "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-20/"
            },
            {
              "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2017-16911",
    "datePublished": "2018-01-31T22:00:00Z",
    "dateReserved": "2017-11-21T00:00:00",
    "dateUpdated": "2024-09-16T23:06:46.855Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-16912 (GCVE-0-2017-16912)

Vulnerability from cvelistv5

Published

2018-01-31 22:00

Modified

2024-09-17 03:48

Severity ?

CWE

Denial of service (out-of-bounds read)

Summary

The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet.

References

URL

Tags

	https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/	x_refsource_MISC
	https://www.debian.org/security/2018/dsa-4187	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114	x_refsource_MISC
	https://www.spinics.net/lists/linux-usb/msg163480.html	x_refsource_MISC
	https://usn.ubuntu.com/3754-1/	vendor-advisory, x_refsource_UBUNTU
	https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8	x_refsource_MISC
	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=635f545a7e8be7596b9b2b6a43cab6bbd5a88e43	x_refsource_MISC
	https://secuniaresearch.flexerasoftware.com/advisories/77000/	x_refsource_MISC
	http://www.securityfocus.com/bid/102150	vdb-entry, x_refsource_BID
	https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	Flexera Software LLC	Linux Kernel	Version: Before version 4.14.8, 4.9.71, and 4.4.114

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:35:21.315Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/"
          },
          {
            "name": "DSA-4187",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4187"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.spinics.net/lists/linux-usb/msg163480.html"
          },
          {
            "name": "USN-3754-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3754-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=635f545a7e8be7596b9b2b6a43cab6bbd5a88e43"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://secuniaresearch.flexerasoftware.com/advisories/77000/"
          },
          {
            "name": "102150",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102150"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71"
          },
          {
            "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Linux Kernel",
          "vendor": "Flexera Software LLC",
          "versions": [
            {
              "status": "affected",
              "version": "Before version 4.14.8, 4.9.71, and 4.4.114"
            }
          ]
        }
      ],
      "datePublic": "2018-01-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The \"get_pipe()\" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of service (out-of-bounds read)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-24T09:57:01",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/"
        },
        {
          "name": "DSA-4187",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4187"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.spinics.net/lists/linux-usb/msg163480.html"
        },
        {
          "name": "USN-3754-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3754-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=635f545a7e8be7596b9b2b6a43cab6bbd5a88e43"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://secuniaresearch.flexerasoftware.com/advisories/77000/"
        },
        {
          "name": "102150",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102150"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71"
        },
        {
          "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "DATE_PUBLIC": "2018-01-31T00:00:00",
          "ID": "CVE-2017-16912",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Linux Kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Before version 4.14.8, 4.9.71, and 4.4.114"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Flexera Software LLC"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The \"get_pipe()\" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of service (out-of-bounds read)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/",
              "refsource": "MISC",
              "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/"
            },
            {
              "name": "DSA-4187",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4187"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114"
            },
            {
              "name": "https://www.spinics.net/lists/linux-usb/msg163480.html",
              "refsource": "MISC",
              "url": "https://www.spinics.net/lists/linux-usb/msg163480.html"
            },
            {
              "name": "USN-3754-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3754-1/"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=635f545a7e8be7596b9b2b6a43cab6bbd5a88e43",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=635f545a7e8be7596b9b2b6a43cab6bbd5a88e43"
            },
            {
              "name": "https://secuniaresearch.flexerasoftware.com/advisories/77000/",
              "refsource": "MISC",
              "url": "https://secuniaresearch.flexerasoftware.com/advisories/77000/"
            },
            {
              "name": "102150",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102150"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71"
            },
            {
              "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2017-16912",
    "datePublished": "2018-01-31T22:00:00Z",
    "dateReserved": "2017-11-21T00:00:00",
    "dateUpdated": "2024-09-17T03:48:33.745Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-16994 (GCVE-0-2017-16994)

Vulnerability from cvelistv5

Published

2017-11-27 19:00

Modified

2024-08-05 20:43

Severity ?

CWE

n/a

Summary

The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.

References

URL

Tags

	https://usn.ubuntu.com/3617-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://bugs.chromium.org/p/project-zero/issues/detail?id=1431	x_refsource_CONFIRM
	https://usn.ubuntu.com/3617-3/	vendor-advisory, x_refsource_UBUNTU
	https://www.exploit-db.com/exploits/43178/	exploit, x_refsource_EXPLOIT-DB
	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2	x_refsource_CONFIRM
	https://usn.ubuntu.com/3632-1/	vendor-advisory, x_refsource_UBUNTU
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=373c4557d2aa362702c4c2d41288fb1e54990b7c	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:0502	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3617-2/	vendor-advisory, x_refsource_UBUNTU
	https://github.com/torvalds/linux/commit/373c4557d2aa362702c4c2d41288fb1e54990b7c	x_refsource_CONFIRM
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/101969	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:43:57.853Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3617-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-1/"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1431"
          },
          {
            "name": "USN-3617-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-3/"
          },
          {
            "name": "43178",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/43178/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2"
          },
          {
            "name": "USN-3632-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3632-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=373c4557d2aa362702c4c2d41288fb1e54990b7c"
          },
          {
            "name": "RHSA-2018:0502",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0502"
          },
          {
            "name": "USN-3617-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/373c4557d2aa362702c4c2d41288fb1e54990b7c"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          },
          {
            "name": "101969",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101969"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-11-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-24T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3617-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-1/"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1431"
        },
        {
          "name": "USN-3617-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-3/"
        },
        {
          "name": "43178",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/43178/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2"
        },
        {
          "name": "USN-3632-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3632-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=373c4557d2aa362702c4c2d41288fb1e54990b7c"
        },
        {
          "name": "RHSA-2018:0502",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0502"
        },
        {
          "name": "USN-3617-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/373c4557d2aa362702c4c2d41288fb1e54990b7c"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        },
        {
          "name": "101969",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101969"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-16994",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3617-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-1/"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1431",
              "refsource": "CONFIRM",
              "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1431"
            },
            {
              "name": "USN-3617-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-3/"
            },
            {
              "name": "43178",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/43178/"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2"
            },
            {
              "name": "USN-3632-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3632-1/"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=373c4557d2aa362702c4c2d41288fb1e54990b7c",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=373c4557d2aa362702c4c2d41288fb1e54990b7c"
            },
            {
              "name": "RHSA-2018:0502",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0502"
            },
            {
              "name": "USN-3617-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-2/"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/373c4557d2aa362702c4c2d41288fb1e54990b7c",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/373c4557d2aa362702c4c2d41288fb1e54990b7c"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            },
            {
              "name": "101969",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101969"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-16994",
    "datePublished": "2017-11-27T19:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-08-05T20:43:57.853Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-18208 (GCVE-0-2017-18208)

Vulnerability from cvelistv5

Published

2018-03-01 05:00

Modified

2024-08-05 21:13

Severity ?

CWE

n/a

Summary

The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2018:3083	vendor-advisory, x_refsource_REDHAT
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91	x_refsource_MISC
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.4	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2018:2948	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3653-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3655-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3655-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3653-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3657-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:3096	vendor-advisory, x_refsource_REDHAT
	https://github.com/torvalds/linux/commit/6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91	x_refsource_MISC
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2019:3967	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:4058	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:4057	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:13:49.223Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:3083",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3083"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.4"
          },
          {
            "name": "RHSA-2018:2948",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2948"
          },
          {
            "name": "USN-3653-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3653-2/"
          },
          {
            "name": "USN-3655-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3655-1/"
          },
          {
            "name": "USN-3655-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3655-2/"
          },
          {
            "name": "USN-3653-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3653-1/"
          },
          {
            "name": "USN-3657-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3657-1/"
          },
          {
            "name": "RHSA-2018:3096",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3096"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          },
          {
            "name": "RHSA-2019:3967",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3967"
          },
          {
            "name": "RHSA-2019:4058",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:4058"
          },
          {
            "name": "RHSA-2019:4057",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:4057"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-02-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-03T11:06:09",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2018:3083",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3083"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.4"
        },
        {
          "name": "RHSA-2018:2948",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2948"
        },
        {
          "name": "USN-3653-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3653-2/"
        },
        {
          "name": "USN-3655-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3655-1/"
        },
        {
          "name": "USN-3655-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3655-2/"
        },
        {
          "name": "USN-3653-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3653-1/"
        },
        {
          "name": "USN-3657-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3657-1/"
        },
        {
          "name": "RHSA-2018:3096",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3096"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        },
        {
          "name": "RHSA-2019:3967",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3967"
        },
        {
          "name": "RHSA-2019:4058",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:4058"
        },
        {
          "name": "RHSA-2019:4057",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:4057"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-18208",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:3083",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3083"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91",
              "refsource": "MISC",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.4",
              "refsource": "MISC",
              "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.4"
            },
            {
              "name": "RHSA-2018:2948",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2948"
            },
            {
              "name": "USN-3653-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3653-2/"
            },
            {
              "name": "USN-3655-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3655-1/"
            },
            {
              "name": "USN-3655-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3655-2/"
            },
            {
              "name": "USN-3653-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3653-1/"
            },
            {
              "name": "USN-3657-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3657-1/"
            },
            {
              "name": "RHSA-2018:3096",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3096"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            },
            {
              "name": "RHSA-2019:3967",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3967"
            },
            {
              "name": "RHSA-2019:4058",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:4058"
            },
            {
              "name": "RHSA-2019:4057",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:4057"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-18208",
    "datePublished": "2018-03-01T05:00:00",
    "dateReserved": "2018-02-28T00:00:00",
    "dateUpdated": "2024-08-05T21:13:49.223Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-16995 (GCVE-0-2017-16995)

Vulnerability from cvelistv5

Published

2017-12-22 10:00

Modified

2024-08-05 20:43

Severity ?

CWE

incorrect sign extension

Summary

The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.

References

URL

Tags

	https://www.exploit-db.com/exploits/45058/	exploit, x_refsource_EXPLOIT-DB
	https://github.com/torvalds/linux/commit/95a762e2c8c942780948091f8f2a4f32fce1ac6f	x_refsource_MISC
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://bugs.chromium.org/p/project-zero/issues/detail?id=1454	x_refsource_MISC
	https://usn.ubuntu.com/3633-1/	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/102288	vdb-entry, x_refsource_BID
	https://www.exploit-db.com/exploits/44298/	exploit, x_refsource_EXPLOIT-DB
	https://www.exploit-db.com/exploits/45010/	exploit, x_refsource_EXPLOIT-DB
	https://www.debian.org/security/2017/dsa-4073	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/usn/usn-3523-2/	vendor-advisory, x_refsource_UBUNTU
	http://openwall.com/lists/oss-security/2017/12/21/2	x_refsource_MISC
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95a762e2c8c942780948091f8f2a4f32fce1ac6f	x_refsource_MISC
	https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=a6132276ab5dcc38b3299082efeb25b948263adb	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: through 4.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:43:57.863Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "45058",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45058/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/95a762e2c8c942780948091f8f2a4f32fce1ac6f"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1454"
          },
          {
            "name": "USN-3633-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3633-1/"
          },
          {
            "name": "102288",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102288"
          },
          {
            "name": "44298",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/44298/"
          },
          {
            "name": "45010",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45010/"
          },
          {
            "name": "DSA-4073",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4073"
          },
          {
            "name": "USN-3523-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/usn/usn-3523-2/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2017/12/21/2"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95a762e2c8c942780948091f8f2a4f32fce1ac6f"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=a6132276ab5dcc38b3299082efeb25b948263adb"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "through 4.4"
            }
          ]
        }
      ],
      "datePublic": "2017-12-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "incorrect sign extension",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-05T19:59:46",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "45058",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/45058/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/95a762e2c8c942780948091f8f2a4f32fce1ac6f"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1454"
        },
        {
          "name": "USN-3633-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3633-1/"
        },
        {
          "name": "102288",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102288"
        },
        {
          "name": "44298",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/44298/"
        },
        {
          "name": "45010",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/45010/"
        },
        {
          "name": "DSA-4073",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4073"
        },
        {
          "name": "USN-3523-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/usn/usn-3523-2/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://openwall.com/lists/oss-security/2017/12/21/2"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95a762e2c8c942780948091f8f2a4f32fce1ac6f"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=a6132276ab5dcc38b3299082efeb25b948263adb"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2017-16995",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "through 4.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "incorrect sign extension"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "45058",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/45058/"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/95a762e2c8c942780948091f8f2a4f32fce1ac6f",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/95a762e2c8c942780948091f8f2a4f32fce1ac6f"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1454",
              "refsource": "MISC",
              "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1454"
            },
            {
              "name": "USN-3633-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3633-1/"
            },
            {
              "name": "102288",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102288"
            },
            {
              "name": "44298",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/44298/"
            },
            {
              "name": "45010",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/45010/"
            },
            {
              "name": "DSA-4073",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4073"
            },
            {
              "name": "USN-3523-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/usn/usn-3523-2/"
            },
            {
              "name": "http://openwall.com/lists/oss-security/2017/12/21/2",
              "refsource": "MISC",
              "url": "http://openwall.com/lists/oss-security/2017/12/21/2"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95a762e2c8c942780948091f8f2a4f32fce1ac6f",
              "refsource": "MISC",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95a762e2c8c942780948091f8f2a4f32fce1ac6f"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=a6132276ab5dcc38b3299082efeb25b948263adb",
              "refsource": "CONFIRM",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=a6132276ab5dcc38b3299082efeb25b948263adb"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2017-16995",
    "datePublished": "2017-12-22T10:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-08-05T20:43:57.863Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-17450 (GCVE-0-2017-17450)

Vulnerability from cvelistv5

Published

2017-12-07 00:00

Modified

2024-08-05 20:51

Severity ?

CWE

n/a

Summary

net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces.

References

URL

Tags

	http://www.securityfocus.com/bid/102110	vdb-entry, x_refsource_BID
	https://usn.ubuntu.com/3617-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2018/dsa-4082	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/3617-3/	vendor-advisory, x_refsource_UBUNTU
	https://lkml.org/lkml/2017/12/5/982	x_refsource_MISC
	https://usn.ubuntu.com/3583-2/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html	vendor-advisory, x_refsource_SUSE
	https://usn.ubuntu.com/3632-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3583-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2017/dsa-4073	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/3617-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:51:31.635Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "102110",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102110"
          },
          {
            "name": "USN-3617-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-1/"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "name": "DSA-4082",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4082"
          },
          {
            "name": "USN-3617-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-3/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lkml.org/lkml/2017/12/5/982"
          },
          {
            "name": "USN-3583-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3583-2/"
          },
          {
            "name": "SUSE-SU-2018:0011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
          },
          {
            "name": "USN-3632-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3632-1/"
          },
          {
            "name": "USN-3583-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3583-1/"
          },
          {
            "name": "DSA-4073",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4073"
          },
          {
            "name": "USN-3617-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-2/"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-12-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-24T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "102110",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102110"
        },
        {
          "name": "USN-3617-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-1/"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "name": "DSA-4082",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4082"
        },
        {
          "name": "USN-3617-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-3/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lkml.org/lkml/2017/12/5/982"
        },
        {
          "name": "USN-3583-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3583-2/"
        },
        {
          "name": "SUSE-SU-2018:0011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
        },
        {
          "name": "USN-3632-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3632-1/"
        },
        {
          "name": "USN-3583-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3583-1/"
        },
        {
          "name": "DSA-4073",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4073"
        },
        {
          "name": "USN-3617-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-2/"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-17450",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "102110",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102110"
            },
            {
              "name": "USN-3617-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-1/"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "DSA-4082",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4082"
            },
            {
              "name": "USN-3617-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-3/"
            },
            {
              "name": "https://lkml.org/lkml/2017/12/5/982",
              "refsource": "MISC",
              "url": "https://lkml.org/lkml/2017/12/5/982"
            },
            {
              "name": "USN-3583-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3583-2/"
            },
            {
              "name": "SUSE-SU-2018:0011",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
            },
            {
              "name": "USN-3632-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3632-1/"
            },
            {
              "name": "USN-3583-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3583-1/"
            },
            {
              "name": "DSA-4073",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4073"
            },
            {
              "name": "USN-3617-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-2/"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-17450",
    "datePublished": "2017-12-07T00:00:00",
    "dateReserved": "2017-12-06T00:00:00",
    "dateUpdated": "2024-08-05T20:51:31.635Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-11472 (GCVE-0-2017-11472)

Vulnerability from cvelistv5

Published

2017-07-20 04:00

Modified

2024-08-05 18:12

Severity ?

CWE

n/a

Summary

The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.

References

URL

Tags

	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3754-1/	vendor-advisory, x_refsource_UBUNTU
	https://github.com/torvalds/linux/commit/3b2d69114fefa474fca542e51119036dceb4aa6f	x_refsource_CONFIRM
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3b2d69114fefa474fca542e51119036dceb4aa6f	x_refsource_CONFIRM
	https://github.com/acpica/acpica/commit/a23325b2e583556eae88ed3f764e457786bf4df6	x_refsource_CONFIRM
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:12:39.871Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "name": "USN-3754-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3754-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/3b2d69114fefa474fca542e51119036dceb4aa6f"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3b2d69114fefa474fca542e51119036dceb4aa6f"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/acpica/acpica/commit/a23325b2e583556eae88ed3f764e457786bf4df6"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-07-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-24T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "name": "USN-3754-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3754-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/3b2d69114fefa474fca542e51119036dceb4aa6f"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3b2d69114fefa474fca542e51119036dceb4aa6f"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/acpica/acpica/commit/a23325b2e583556eae88ed3f764e457786bf4df6"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-11472",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "USN-3754-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3754-1/"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/3b2d69114fefa474fca542e51119036dceb4aa6f",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/3b2d69114fefa474fca542e51119036dceb4aa6f"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3b2d69114fefa474fca542e51119036dceb4aa6f",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3b2d69114fefa474fca542e51119036dceb4aa6f"
            },
            {
              "name": "https://github.com/acpica/acpica/commit/a23325b2e583556eae88ed3f764e457786bf4df6",
              "refsource": "CONFIRM",
              "url": "https://github.com/acpica/acpica/commit/a23325b2e583556eae88ed3f764e457786bf4df6"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-11472",
    "datePublished": "2017-07-20T04:00:00",
    "dateReserved": "2017-07-19T00:00:00",
    "dateUpdated": "2024-08-05T18:12:39.871Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-17449 (GCVE-0-2017-17449)

Vulnerability from cvelistv5

Published

2017-12-07 00:00

Modified

2024-08-05 20:51

Severity ?

CWE

n/a

Summary

The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system.

References

URL

Tags

	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2018/dsa-4082	vendor-advisory, x_refsource_DEBIAN
	https://lkml.org/lkml/2017/12/5/950	x_refsource_MISC
	http://www.securityfocus.com/bid/102122	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2018:1062	vendor-advisory, x_refsource_REDHAT
	https://source.android.com/security/bulletin/pixel/2018-04-01	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:0654	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:0676	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3653-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3655-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:1170	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1130	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2017/dsa-4073	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/3655-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3653-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3657-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:51:31.636Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "name": "DSA-4082",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4082"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lkml.org/lkml/2017/12/5/950"
          },
          {
            "name": "102122",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102122"
          },
          {
            "name": "RHSA-2018:1062",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1062"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/pixel/2018-04-01"
          },
          {
            "name": "RHSA-2018:0654",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0654"
          },
          {
            "name": "RHSA-2018:0676",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0676"
          },
          {
            "name": "USN-3653-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3653-2/"
          },
          {
            "name": "USN-3655-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3655-1/"
          },
          {
            "name": "RHSA-2018:1170",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1170"
          },
          {
            "name": "RHSA-2018:1130",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1130"
          },
          {
            "name": "DSA-4073",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4073"
          },
          {
            "name": "USN-3655-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3655-2/"
          },
          {
            "name": "USN-3653-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3653-1/"
          },
          {
            "name": "USN-3657-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3657-1/"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-12-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-30T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "name": "DSA-4082",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4082"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lkml.org/lkml/2017/12/5/950"
        },
        {
          "name": "102122",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102122"
        },
        {
          "name": "RHSA-2018:1062",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1062"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://source.android.com/security/bulletin/pixel/2018-04-01"
        },
        {
          "name": "RHSA-2018:0654",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0654"
        },
        {
          "name": "RHSA-2018:0676",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0676"
        },
        {
          "name": "USN-3653-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3653-2/"
        },
        {
          "name": "USN-3655-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3655-1/"
        },
        {
          "name": "RHSA-2018:1170",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1170"
        },
        {
          "name": "RHSA-2018:1130",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1130"
        },
        {
          "name": "DSA-4073",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4073"
        },
        {
          "name": "USN-3655-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3655-2/"
        },
        {
          "name": "USN-3653-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3653-1/"
        },
        {
          "name": "USN-3657-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3657-1/"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-17449",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "DSA-4082",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4082"
            },
            {
              "name": "https://lkml.org/lkml/2017/12/5/950",
              "refsource": "MISC",
              "url": "https://lkml.org/lkml/2017/12/5/950"
            },
            {
              "name": "102122",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102122"
            },
            {
              "name": "RHSA-2018:1062",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1062"
            },
            {
              "name": "https://source.android.com/security/bulletin/pixel/2018-04-01",
              "refsource": "CONFIRM",
              "url": "https://source.android.com/security/bulletin/pixel/2018-04-01"
            },
            {
              "name": "RHSA-2018:0654",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0654"
            },
            {
              "name": "RHSA-2018:0676",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0676"
            },
            {
              "name": "USN-3653-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3653-2/"
            },
            {
              "name": "USN-3655-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3655-1/"
            },
            {
              "name": "RHSA-2018:1170",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1170"
            },
            {
              "name": "RHSA-2018:1130",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1130"
            },
            {
              "name": "DSA-4073",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4073"
            },
            {
              "name": "USN-3655-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3655-2/"
            },
            {
              "name": "USN-3653-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3653-1/"
            },
            {
              "name": "USN-3657-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3657-1/"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-17449",
    "datePublished": "2017-12-07T00:00:00",
    "dateReserved": "2017-12-06T00:00:00",
    "dateUpdated": "2024-08-05T20:51:31.636Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-17862 (GCVE-0-2017-17862)

Vulnerability from cvelistv5

Published

2017-12-23 17:00

Modified

2024-08-05 21:06

Severity ?

CWE

n/a

Summary

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service.

References

URL

Tags

	https://github.com/torvalds/linux/commit/c131187db2d3fa2f8bf32fdf4e9a4ef805168467	x_refsource_MISC
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c131187db2d3fa2f8bf32fdf4e9a4ef805168467	x_refsource_MISC
	https://www.spinics.net/lists/stable/msg206984.html	x_refsource_MISC
	http://www.securityfocus.com/bid/102325	vdb-entry, x_refsource_BID
	https://www.debian.org/security/2017/dsa-4073	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/usn/usn-3523-2/	vendor-advisory, x_refsource_UBUNTU
	https://anonscm.debian.org/cgit/kernel/linux.git/tree/debian/patches/bugfix/all/bpf-fix-branch-pruning-logic.patch?h=stretch-security	x_refsource_MISC
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU
	http://www.securitytracker.com/id/1040057	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:06:48.982Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/c131187db2d3fa2f8bf32fdf4e9a4ef805168467"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c131187db2d3fa2f8bf32fdf4e9a4ef805168467"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.spinics.net/lists/stable/msg206984.html"
          },
          {
            "name": "102325",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102325"
          },
          {
            "name": "DSA-4073",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4073"
          },
          {
            "name": "USN-3523-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/usn/usn-3523-2/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://anonscm.debian.org/cgit/kernel/linux.git/tree/debian/patches/bugfix/all/bpf-fix-branch-pruning-logic.patch?h=stretch-security"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          },
          {
            "name": "1040057",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040057"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-12-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-06T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/c131187db2d3fa2f8bf32fdf4e9a4ef805168467"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c131187db2d3fa2f8bf32fdf4e9a4ef805168467"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.spinics.net/lists/stable/msg206984.html"
        },
        {
          "name": "102325",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102325"
        },
        {
          "name": "DSA-4073",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4073"
        },
        {
          "name": "USN-3523-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/usn/usn-3523-2/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://anonscm.debian.org/cgit/kernel/linux.git/tree/debian/patches/bugfix/all/bpf-fix-branch-pruning-logic.patch?h=stretch-security"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        },
        {
          "name": "1040057",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040057"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-17862",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/torvalds/linux/commit/c131187db2d3fa2f8bf32fdf4e9a4ef805168467",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/c131187db2d3fa2f8bf32fdf4e9a4ef805168467"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c131187db2d3fa2f8bf32fdf4e9a4ef805168467",
              "refsource": "MISC",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c131187db2d3fa2f8bf32fdf4e9a4ef805168467"
            },
            {
              "name": "https://www.spinics.net/lists/stable/msg206984.html",
              "refsource": "MISC",
              "url": "https://www.spinics.net/lists/stable/msg206984.html"
            },
            {
              "name": "102325",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102325"
            },
            {
              "name": "DSA-4073",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4073"
            },
            {
              "name": "USN-3523-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/usn/usn-3523-2/"
            },
            {
              "name": "https://anonscm.debian.org/cgit/kernel/linux.git/tree/debian/patches/bugfix/all/bpf-fix-branch-pruning-logic.patch?h=stretch-security",
              "refsource": "MISC",
              "url": "https://anonscm.debian.org/cgit/kernel/linux.git/tree/debian/patches/bugfix/all/bpf-fix-branch-pruning-logic.patch?h=stretch-security"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            },
            {
              "name": "1040057",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040057"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-17862",
    "datePublished": "2017-12-23T17:00:00",
    "dateReserved": "2017-12-23T00:00:00",
    "dateUpdated": "2024-08-05T21:06:48.982Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000407 (GCVE-0-2017-1000407)

Vulnerability from cvelistv5

Published

2017-12-11 21:00

Modified

2024-08-05 22:00

Severity ?

CWE

n/a

Summary

The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.

References

URL

Tags

	https://usn.ubuntu.com/3617-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2018/dsa-4082	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2017/12/04/2	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/102038	vdb-entry, x_refsource_BID
	https://usn.ubuntu.com/3583-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3632-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/security/cve/cve-2017-1000407	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:1062	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3583-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:0676	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2017/dsa-4073	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/3617-2/	vendor-advisory, x_refsource_UBUNTU
	https://www.spinics.net/lists/kvm/msg159809.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2019:1170	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:00:40.987Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3617-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-1/"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "name": "DSA-4082",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4082"
          },
          {
            "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
          },
          {
            "name": "[oss-security] 20171204 CVE-2017-1000407 Kernel: KVM: DoS via write flood to I/O port 0x80",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2017/12/04/2"
          },
          {
            "name": "102038",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102038"
          },
          {
            "name": "USN-3583-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3583-2/"
          },
          {
            "name": "USN-3632-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3632-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/cve-2017-1000407"
          },
          {
            "name": "RHSA-2018:1062",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1062"
          },
          {
            "name": "USN-3583-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3583-1/"
          },
          {
            "name": "RHSA-2018:0676",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0676"
          },
          {
            "name": "DSA-4073",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4073"
          },
          {
            "name": "USN-3617-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-2/"
          },
          {
            "name": "[kvm] 20171201 [PATCH 1/2] KVM: VMX: remove I/O port 0x80 bypass on Intel hosts",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://www.spinics.net/lists/kvm/msg159809.html"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          },
          {
            "name": "RHSA-2019:1170",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1170"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-12-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-14T21:06:12",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3617-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-1/"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "name": "DSA-4082",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4082"
        },
        {
          "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
        },
        {
          "name": "[oss-security] 20171204 CVE-2017-1000407 Kernel: KVM: DoS via write flood to I/O port 0x80",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2017/12/04/2"
        },
        {
          "name": "102038",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102038"
        },
        {
          "name": "USN-3583-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3583-2/"
        },
        {
          "name": "USN-3632-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3632-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://access.redhat.com/security/cve/cve-2017-1000407"
        },
        {
          "name": "RHSA-2018:1062",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1062"
        },
        {
          "name": "USN-3583-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3583-1/"
        },
        {
          "name": "RHSA-2018:0676",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0676"
        },
        {
          "name": "DSA-4073",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4073"
        },
        {
          "name": "USN-3617-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-2/"
        },
        {
          "name": "[kvm] 20171201 [PATCH 1/2] KVM: VMX: remove I/O port 0x80 bypass on Intel hosts",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://www.spinics.net/lists/kvm/msg159809.html"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        },
        {
          "name": "RHSA-2019:1170",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1170"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-1000407",
          "REQUESTER": "ppandit@redhat.com",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3617-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-1/"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "DSA-4082",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4082"
            },
            {
              "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
            },
            {
              "name": "[oss-security] 20171204 CVE-2017-1000407 Kernel: KVM: DoS via write flood to I/O port 0x80",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2017/12/04/2"
            },
            {
              "name": "102038",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102038"
            },
            {
              "name": "USN-3583-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3583-2/"
            },
            {
              "name": "USN-3632-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3632-1/"
            },
            {
              "name": "https://access.redhat.com/security/cve/cve-2017-1000407",
              "refsource": "CONFIRM",
              "url": "https://access.redhat.com/security/cve/cve-2017-1000407"
            },
            {
              "name": "RHSA-2018:1062",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1062"
            },
            {
              "name": "USN-3583-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3583-1/"
            },
            {
              "name": "RHSA-2018:0676",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0676"
            },
            {
              "name": "DSA-4073",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4073"
            },
            {
              "name": "USN-3617-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-2/"
            },
            {
              "name": "[kvm] 20171201 [PATCH 1/2] KVM: VMX: remove I/O port 0x80 bypass on Intel hosts",
              "refsource": "MLIST",
              "url": "https://www.spinics.net/lists/kvm/msg159809.html"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            },
            {
              "name": "RHSA-2019:1170",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1170"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000407",
    "datePublished": "2017-12-11T21:00:00",
    "dateReserved": "2017-12-05T00:00:00",
    "dateUpdated": "2024-08-05T22:00:40.987Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-16646 (GCVE-0-2017-16646)

Vulnerability from cvelistv5

Published

2017-11-07 23:00

Modified

2024-08-05 20:27

Severity ?

CWE

n/a

Summary

drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device.

References

URL

Tags

	https://usn.ubuntu.com/3617-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3617-3/	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/101846	vdb-entry, x_refsource_BID
	https://patchwork.linuxtv.org/patch/45291/	x_refsource_MISC
	https://usn.ubuntu.com/3617-2/	vendor-advisory, x_refsource_UBUNTU
	https://groups.google.com/d/msg/syzkaller/-d6ilzbVu_g/OBy8_62mAwAJ	x_refsource_MISC
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:27:04.259Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3617-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-1/"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "name": "USN-3617-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-3/"
          },
          {
            "name": "101846",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101846"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://patchwork.linuxtv.org/patch/45291/"
          },
          {
            "name": "USN-3617-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-2/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/d/msg/syzkaller/-d6ilzbVu_g/OBy8_62mAwAJ"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-11-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-06T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3617-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-1/"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "name": "USN-3617-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-3/"
        },
        {
          "name": "101846",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101846"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://patchwork.linuxtv.org/patch/45291/"
        },
        {
          "name": "USN-3617-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-2/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/d/msg/syzkaller/-d6ilzbVu_g/OBy8_62mAwAJ"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-16646",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3617-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-1/"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "USN-3617-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-3/"
            },
            {
              "name": "101846",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101846"
            },
            {
              "name": "https://patchwork.linuxtv.org/patch/45291/",
              "refsource": "MISC",
              "url": "https://patchwork.linuxtv.org/patch/45291/"
            },
            {
              "name": "USN-3617-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-2/"
            },
            {
              "name": "https://groups.google.com/d/msg/syzkaller/-d6ilzbVu_g/OBy8_62mAwAJ",
              "refsource": "MISC",
              "url": "https://groups.google.com/d/msg/syzkaller/-d6ilzbVu_g/OBy8_62mAwAJ"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-16646",
    "datePublished": "2017-11-07T23:00:00",
    "dateReserved": "2017-11-07T00:00:00",
    "dateUpdated": "2024-08-05T20:27:04.259Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-18075 (GCVE-0-2017-18075)

Vulnerability from cvelistv5

Published

2018-01-24 10:00

Modified

2024-08-05 21:13

Severity ?

CWE

n/a

Summary

crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls.

References

URL

Tags

	http://www.securityfocus.com/bid/102813	vdb-entry, x_refsource_BID
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.13	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:2948	vendor-advisory, x_refsource_REDHAT
	https://github.com/torvalds/linux/commit/d76c68109f37cb85b243a1cf0f40313afd2bae68	x_refsource_CONFIRM
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d76c68109f37cb85b243a1cf0f40313afd2bae68	x_refsource_CONFIRM
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:13:48.207Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "102813",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102813"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.13"
          },
          {
            "name": "RHSA-2018:2948",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2948"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/d76c68109f37cb85b243a1cf0f40313afd2bae68"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d76c68109f37cb85b243a1cf0f40313afd2bae68"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-01-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-31T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "102813",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102813"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.13"
        },
        {
          "name": "RHSA-2018:2948",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2948"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/d76c68109f37cb85b243a1cf0f40313afd2bae68"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d76c68109f37cb85b243a1cf0f40313afd2bae68"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-18075",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "102813",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102813"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.13",
              "refsource": "CONFIRM",
              "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.13"
            },
            {
              "name": "RHSA-2018:2948",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2948"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/d76c68109f37cb85b243a1cf0f40313afd2bae68",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/d76c68109f37cb85b243a1cf0f40313afd2bae68"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d76c68109f37cb85b243a1cf0f40313afd2bae68",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d76c68109f37cb85b243a1cf0f40313afd2bae68"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-18075",
    "datePublished": "2018-01-24T10:00:00",
    "dateReserved": "2018-01-24T00:00:00",
    "dateUpdated": "2024-08-05T21:13:48.207Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-17741 (GCVE-0-2017-17741)

Vulnerability from cvelistv5

Published

2017-12-18 08:00

Modified

2024-08-05 20:59

Severity ?

CWE

n/a

Summary

The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.

References

URL

Tags

	https://usn.ubuntu.com/3617-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2018/dsa-4082	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/3617-3/	vendor-advisory, x_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3632-1/	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/102227	vdb-entry, x_refsource_BID
	https://usn.ubuntu.com/3620-2/	vendor-advisory, x_refsource_UBUNTU
	https://www.spinics.net/lists/kvm/msg160796.html	x_refsource_MISC
	https://www.debian.org/security/2017/dsa-4073	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/3617-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3620-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:59:17.618Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3617-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-1/"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "name": "DSA-4082",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4082"
          },
          {
            "name": "USN-3617-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-3/"
          },
          {
            "name": "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html"
          },
          {
            "name": "USN-3632-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3632-1/"
          },
          {
            "name": "102227",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102227"
          },
          {
            "name": "USN-3620-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3620-2/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.spinics.net/lists/kvm/msg160796.html"
          },
          {
            "name": "DSA-4073",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4073"
          },
          {
            "name": "USN-3617-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-2/"
          },
          {
            "name": "USN-3620-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3620-1/"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-12-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-24T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3617-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-1/"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "name": "DSA-4082",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4082"
        },
        {
          "name": "USN-3617-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-3/"
        },
        {
          "name": "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html"
        },
        {
          "name": "USN-3632-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3632-1/"
        },
        {
          "name": "102227",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102227"
        },
        {
          "name": "USN-3620-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3620-2/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.spinics.net/lists/kvm/msg160796.html"
        },
        {
          "name": "DSA-4073",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4073"
        },
        {
          "name": "USN-3617-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-2/"
        },
        {
          "name": "USN-3620-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3620-1/"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-17741",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3617-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-1/"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "DSA-4082",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4082"
            },
            {
              "name": "USN-3617-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-3/"
            },
            {
              "name": "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html"
            },
            {
              "name": "USN-3632-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3632-1/"
            },
            {
              "name": "102227",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102227"
            },
            {
              "name": "USN-3620-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3620-2/"
            },
            {
              "name": "https://www.spinics.net/lists/kvm/msg160796.html",
              "refsource": "MISC",
              "url": "https://www.spinics.net/lists/kvm/msg160796.html"
            },
            {
              "name": "DSA-4073",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4073"
            },
            {
              "name": "USN-3617-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-2/"
            },
            {
              "name": "USN-3620-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3620-1/"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-17741",
    "datePublished": "2017-12-18T08:00:00",
    "dateReserved": "2017-12-18T00:00:00",
    "dateUpdated": "2024-08-05T20:59:17.618Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-5715 (GCVE-0-2017-5715)

Vulnerability from cvelistv5

Published

2018-01-04 13:00

Modified

2025-05-06 14:59

Severity ?

5.6 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE

Information Disclosure

Summary

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

References

URL

Tags

	http://nvidia.custhelp.com/app/answers/detail/a_id/4609	x_refsource_CONFIRM
	https://usn.ubuntu.com/3560-1/	vendor-advisory, x_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html	mailing-list, x_refsource_MLIST
	https://www.debian.org/security/2018/dsa-4187	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/3542-2/	vendor-advisory, x_refsource_UBUNTU
	https://security.gentoo.org/glsa/201810-06	vendor-advisory, x_refsource_GENTOO
	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	x_refsource_CONFIRM
	https://usn.ubuntu.com/3540-2/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/security/vulnerabilities/speculativeexecution	x_refsource_CONFIRM
	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3597-1/	vendor-advisory, x_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html	vendor-advisory, x_refsource_SUSE
	http://nvidia.custhelp.com/app/answers/detail/a_id/4611	x_refsource_CONFIRM
	https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html	x_refsource_MISC
	https://www.debian.org/security/2018/dsa-4213	vendor-advisory, x_refsource_DEBIAN
	https://cert.vde.com/en-us/advisories/vde-2018-002	x_refsource_CONFIRM
	https://www.debian.org/security/2018/dsa-4120	vendor-advisory, x_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html	vendor-advisory, x_refsource_SUSE
	https://usn.ubuntu.com/3580-1/	vendor-advisory, x_refsource_UBUNTU
	https://support.f5.com/csp/article/K91229003	x_refsource_CONFIRM
	https://usn.ubuntu.com/3531-3/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3620-2/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html	vendor-advisory, x_refsource_SUSE
	https://usn.ubuntu.com/3582-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2018/dsa-4188	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2018:0292	vendor-advisory, x_refsource_REDHAT
	http://xenbits.xen.org/xsa/advisory-254.html	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-20180104-0001/	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html	vendor-advisory, x_refsource_SUSE
	https://www.synology.com/support/security/Synology_SA_18_01	x_refsource_CONFIRM
	http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html	x_refsource_MISC
	http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/102376	vdb-entry, x_refsource_BID
	https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability	x_refsource_CONFIRM
	https://usn.ubuntu.com/3594-1/	vendor-advisory, x_refsource_UBUNTU
	http://www.kb.cert.org/vuls/id/584653	third-party-advisory, x_refsource_CERT-VN
	https://www.kb.cert.org/vuls/id/180049	third-party-advisory, x_refsource_CERT-VN
	https://cert.vde.com/en-us/advisories/vde-2018-003	x_refsource_CONFIRM
	https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html	vendor-advisory, x_refsource_SUSE
	https://usn.ubuntu.com/3690-1/	vendor-advisory, x_refsource_UBUNTU
	https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us	x_refsource_CONFIRM
	https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001	x_refsource_CONFIRM
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us	x_refsource_CONFIRM
	https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html	x_refsource_CONFIRM
	https://usn.ubuntu.com/3549-1/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html	vendor-advisory, x_refsource_SUSE
	https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/	x_refsource_CONFIRM
	https://support.citrix.com/article/CTX231399	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	x_refsource_CONFIRM
	https://spectreattack.com/	x_refsource_MISC
	https://usn.ubuntu.com/3531-1/	vendor-advisory, x_refsource_UBUNTU
	https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc	vendor-advisory, x_refsource_FREEBSD
	https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html	vendor-advisory, x_refsource_SUSE
	https://usn.ubuntu.com/3581-1/	vendor-advisory, x_refsource_UBUNTU
	https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1040071	vdb-entry, x_refsource_SECTRACK
	https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html	mailing-list, x_refsource_MLIST
	https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr	x_refsource_CONFIRM
	https://usn.ubuntu.com/3597-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3581-2/	vendor-advisory, x_refsource_UBUNTU
	http://nvidia.custhelp.com/app/answers/detail/a_id/4614	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html	vendor-advisory, x_refsource_SUSE
	https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html	mailing-list, x_refsource_MLIST
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel	vendor-advisory, x_refsource_CISCO
	https://usn.ubuntu.com/usn/usn-3516-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html	x_refsource_CONFIRM
	https://www.exploit-db.com/exploits/43427/	exploit, x_refsource_EXPLOIT-DB
	http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html	vendor-advisory, x_refsource_SUSE
	https://usn.ubuntu.com/3541-2/	vendor-advisory, x_refsource_UBUNTU
	https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html	x_refsource_MISC
	https://support.lenovo.com/us/en/solutions/LEN-18282	x_refsource_CONFIRM
	https://usn.ubuntu.com/3777-3/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html	vendor-advisory, x_refsource_SUSE
	https://www.vmware.com/security/advisories/VMSA-2018-0007.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html	vendor-advisory, x_refsource_SUSE
	http://nvidia.custhelp.com/app/answers/detail/a_id/4613	x_refsource_CONFIRM
	https://usn.ubuntu.com/3561-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3582-2/	vendor-advisory, x_refsource_UBUNTU
	https://seclists.org/bugtraq/2019/Jun/36	mailing-list, x_refsource_BUGTRAQ
	http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt	x_refsource_CONFIRM
	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	x_refsource_MISC
	https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf	x_refsource_CONFIRM
	https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc	vendor-advisory, x_refsource_FREEBSD
	https://seclists.org/bugtraq/2019/Nov/16	mailing-list, x_refsource_BUGTRAQ
	http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html	x_refsource_MISC
	https://security.paloaltonetworks.com/CVE-2017-5715	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	Intel Corporation	Microprocessors with Speculative Execution	Version: All

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:11:48.456Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609"
          },
          {
            "name": "USN-3560-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3560-1/"
          },
          {
            "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
          },
          {
            "name": "DSA-4187",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4187"
          },
          {
            "name": "USN-3542-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3542-2/"
          },
          {
            "name": "GLSA-201810-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201810-06"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "USN-3540-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3540-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002"
          },
          {
            "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
          },
          {
            "name": "USN-3597-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3597-1/"
          },
          {
            "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
          },
          {
            "name": "SUSE-SU-2018:0012",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
          },
          {
            "name": "SUSE-SU-2018:0011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"
          },
          {
            "name": "DSA-4213",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4213"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2018-002"
          },
          {
            "name": "DSA-4120",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4120"
          },
          {
            "name": "openSUSE-SU-2018:0013",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html"
          },
          {
            "name": "USN-3580-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3580-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K91229003"
          },
          {
            "name": "USN-3531-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3531-3/"
          },
          {
            "name": "USN-3620-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3620-2/"
          },
          {
            "name": "openSUSE-SU-2018:0022",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
          },
          {
            "name": "USN-3582-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3582-1/"
          },
          {
            "name": "DSA-4188",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4188"
          },
          {
            "name": "RHSA-2018:0292",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0292"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-254.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180104-0001/"
          },
          {
            "name": "SUSE-SU-2018:0019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/support/security/Synology_SA_18_01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt"
          },
          {
            "name": "102376",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102376"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
          },
          {
            "name": "USN-3594-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3594-1/"
          },
          {
            "name": "VU#584653",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/584653"
          },
          {
            "name": "VU#180049",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/180049"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2018-003"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
          },
          {
            "name": "SUSE-SU-2018:0009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html"
          },
          {
            "name": "USN-3690-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3690-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html"
          },
          {
            "name": "USN-3549-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3549-1/"
          },
          {
            "name": "SUSE-SU-2018:0007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX231399"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://spectreattack.com/"
          },
          {
            "name": "USN-3531-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3531-1/"
          },
          {
            "name": "FreeBSD-SA-18:03",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/"
          },
          {
            "name": "SUSE-SU-2018:0006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html"
          },
          {
            "name": "USN-3581-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3581-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
          },
          {
            "name": "1040071",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040071"
          },
          {
            "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088\u0026languageid=en-fr"
          },
          {
            "name": "USN-3597-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3597-2/"
          },
          {
            "name": "USN-3581-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3581-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614"
          },
          {
            "name": "SUSE-SU-2018:0010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
          },
          {
            "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
          },
          {
            "name": "20180104 CPU Side-Channel Information Disclosure Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel"
          },
          {
            "name": "USN-3516-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/usn/usn-3516-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html"
          },
          {
            "name": "43427",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/43427/"
          },
          {
            "name": "SUSE-SU-2018:0020",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html"
          },
          {
            "name": "USN-3541-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3541-2/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/us/en/solutions/LEN-18282"
          },
          {
            "name": "USN-3777-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3777-3/"
          },
          {
            "name": "openSUSE-SU-2018:0023",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2018-0007.html"
          },
          {
            "name": "SUSE-SU-2018:0008",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613"
          },
          {
            "name": "USN-3561-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3561-1/"
          },
          {
            "name": "USN-3582-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3582-2/"
          },
          {
            "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jun/36"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
          },
          {
            "name": "FreeBSD-SA-19:26",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc"
          },
          {
            "name": "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Nov/16"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2017-5715"
          },
          {
            "name": "[debian-lts-announce] 20200320 [SECURITY] [DLA 2148-1] amd64-microcode security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html"
          },
          {
            "name": "[debian-lts-announce] 20210816 [SECURITY] [DLA 2743-1] amd64-microcode security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 5.6,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2017-5715",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:31:09.657900Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-203",
                "description": "CWE-203 Observable Discrepancy",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-06T14:59:36.405Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microprocessors with Speculative Execution",
          "vendor": "Intel Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        }
      ],
      "datePublic": "2018-01-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-16T08:06:27.000Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609"
        },
        {
          "name": "USN-3560-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3560-1/"
        },
        {
          "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
        },
        {
          "name": "DSA-4187",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4187"
        },
        {
          "name": "USN-3542-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3542-2/"
        },
        {
          "name": "GLSA-201810-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201810-06"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "USN-3540-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3540-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002"
        },
        {
          "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
        },
        {
          "name": "USN-3597-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3597-1/"
        },
        {
          "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
        },
        {
          "name": "SUSE-SU-2018:0012",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
        },
        {
          "name": "SUSE-SU-2018:0011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"
        },
        {
          "name": "DSA-4213",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4213"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2018-002"
        },
        {
          "name": "DSA-4120",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4120"
        },
        {
          "name": "openSUSE-SU-2018:0013",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html"
        },
        {
          "name": "USN-3580-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3580-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K91229003"
        },
        {
          "name": "USN-3531-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3531-3/"
        },
        {
          "name": "USN-3620-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3620-2/"
        },
        {
          "name": "openSUSE-SU-2018:0022",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
        },
        {
          "name": "USN-3582-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3582-1/"
        },
        {
          "name": "DSA-4188",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4188"
        },
        {
          "name": "RHSA-2018:0292",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0292"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://xenbits.xen.org/xsa/advisory-254.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180104-0001/"
        },
        {
          "name": "SUSE-SU-2018:0019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/support/security/Synology_SA_18_01"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt"
        },
        {
          "name": "102376",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102376"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
        },
        {
          "name": "USN-3594-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3594-1/"
        },
        {
          "name": "VU#584653",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/584653"
        },
        {
          "name": "VU#180049",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/180049"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2018-003"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
        },
        {
          "name": "SUSE-SU-2018:0009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html"
        },
        {
          "name": "USN-3690-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3690-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html"
        },
        {
          "name": "USN-3549-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3549-1/"
        },
        {
          "name": "SUSE-SU-2018:0007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.citrix.com/article/CTX231399"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://spectreattack.com/"
        },
        {
          "name": "USN-3531-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3531-1/"
        },
        {
          "name": "FreeBSD-SA-18:03",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/"
        },
        {
          "name": "SUSE-SU-2018:0006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html"
        },
        {
          "name": "USN-3581-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3581-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
        },
        {
          "name": "1040071",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040071"
        },
        {
          "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088\u0026languageid=en-fr"
        },
        {
          "name": "USN-3597-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3597-2/"
        },
        {
          "name": "USN-3581-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3581-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614"
        },
        {
          "name": "SUSE-SU-2018:0010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
        },
        {
          "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
        },
        {
          "name": "20180104 CPU Side-Channel Information Disclosure Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel"
        },
        {
          "name": "USN-3516-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/usn/usn-3516-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html"
        },
        {
          "name": "43427",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/43427/"
        },
        {
          "name": "SUSE-SU-2018:0020",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html"
        },
        {
          "name": "USN-3541-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3541-2/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.lenovo.com/us/en/solutions/LEN-18282"
        },
        {
          "name": "USN-3777-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3777-3/"
        },
        {
          "name": "openSUSE-SU-2018:0023",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2018-0007.html"
        },
        {
          "name": "SUSE-SU-2018:0008",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613"
        },
        {
          "name": "USN-3561-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3561-1/"
        },
        {
          "name": "USN-3582-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3582-2/"
        },
        {
          "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jun/36"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
        },
        {
          "name": "FreeBSD-SA-19:26",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc"
        },
        {
          "name": "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Nov/16"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2017-5715"
        },
        {
          "name": "[debian-lts-announce] 20200320 [SECURITY] [DLA 2148-1] amd64-microcode security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html"
        },
        {
          "name": "[debian-lts-announce] 20210816 [SECURITY] [DLA 2743-1] amd64-microcode security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "DATE_PUBLIC": "2018-01-03T00:00:00",
          "ID": "CVE-2017-5715",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microprocessors with Speculative Execution",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Intel Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609",
              "refsource": "CONFIRM",
              "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609"
            },
            {
              "name": "USN-3560-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3560-1/"
            },
            {
              "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
            },
            {
              "name": "DSA-4187",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4187"
            },
            {
              "name": "USN-3542-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3542-2/"
            },
            {
              "name": "GLSA-201810-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201810-06"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "USN-3540-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3540-2/"
            },
            {
              "name": "https://access.redhat.com/security/vulnerabilities/speculativeexecution",
              "refsource": "CONFIRM",
              "url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002"
            },
            {
              "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
            },
            {
              "name": "USN-3597-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3597-1/"
            },
            {
              "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
            },
            {
              "name": "SUSE-SU-2018:0012",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
            },
            {
              "name": "SUSE-SU-2018:0011",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
            },
            {
              "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611",
              "refsource": "CONFIRM",
              "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611"
            },
            {
              "name": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html",
              "refsource": "MISC",
              "url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"
            },
            {
              "name": "DSA-4213",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4213"
            },
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2018-002",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2018-002"
            },
            {
              "name": "DSA-4120",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4120"
            },
            {
              "name": "openSUSE-SU-2018:0013",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html"
            },
            {
              "name": "USN-3580-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3580-1/"
            },
            {
              "name": "https://support.f5.com/csp/article/K91229003",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K91229003"
            },
            {
              "name": "USN-3531-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3531-3/"
            },
            {
              "name": "USN-3620-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3620-2/"
            },
            {
              "name": "openSUSE-SU-2018:0022",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
            },
            {
              "name": "USN-3582-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3582-1/"
            },
            {
              "name": "DSA-4188",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4188"
            },
            {
              "name": "RHSA-2018:0292",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0292"
            },
            {
              "name": "http://xenbits.xen.org/xsa/advisory-254.html",
              "refsource": "CONFIRM",
              "url": "http://xenbits.xen.org/xsa/advisory-254.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180104-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180104-0001/"
            },
            {
              "name": "SUSE-SU-2018:0019",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html"
            },
            {
              "name": "https://www.synology.com/support/security/Synology_SA_18_01",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/support/security/Synology_SA_18_01"
            },
            {
              "name": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html"
            },
            {
              "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt",
              "refsource": "CONFIRM",
              "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt"
            },
            {
              "name": "102376",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102376"
            },
            {
              "name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
              "refsource": "CONFIRM",
              "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
            },
            {
              "name": "USN-3594-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3594-1/"
            },
            {
              "name": "VU#584653",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/584653"
            },
            {
              "name": "VU#180049",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/180049"
            },
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2018-003",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2018-003"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
            },
            {
              "name": "SUSE-SU-2018:0009",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html"
            },
            {
              "name": "USN-3690-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3690-1/"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us"
            },
            {
              "name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001",
              "refsource": "CONFIRM",
              "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us"
            },
            {
              "name": "https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html",
              "refsource": "CONFIRM",
              "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html"
            },
            {
              "name": "USN-3549-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3549-1/"
            },
            {
              "name": "SUSE-SU-2018:0007",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html"
            },
            {
              "name": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/",
              "refsource": "CONFIRM",
              "url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/"
            },
            {
              "name": "https://support.citrix.com/article/CTX231399",
              "refsource": "CONFIRM",
              "url": "https://support.citrix.com/article/CTX231399"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "https://spectreattack.com/",
              "refsource": "MISC",
              "url": "https://spectreattack.com/"
            },
            {
              "name": "USN-3531-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3531-1/"
            },
            {
              "name": "FreeBSD-SA-18:03",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc"
            },
            {
              "name": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/",
              "refsource": "CONFIRM",
              "url": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/"
            },
            {
              "name": "SUSE-SU-2018:0006",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html"
            },
            {
              "name": "USN-3581-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3581-1/"
            },
            {
              "name": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/",
              "refsource": "CONFIRM",
              "url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
            },
            {
              "name": "1040071",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040071"
            },
            {
              "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
            },
            {
              "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088\u0026languageid=en-fr",
              "refsource": "CONFIRM",
              "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088\u0026languageid=en-fr"
            },
            {
              "name": "USN-3597-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3597-2/"
            },
            {
              "name": "USN-3581-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3581-2/"
            },
            {
              "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614",
              "refsource": "CONFIRM",
              "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614"
            },
            {
              "name": "SUSE-SU-2018:0010",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
            },
            {
              "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
            },
            {
              "name": "20180104 CPU Side-Channel Information Disclosure Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel"
            },
            {
              "name": "USN-3516-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/usn/usn-3516-1/"
            },
            {
              "name": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html",
              "refsource": "CONFIRM",
              "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html"
            },
            {
              "name": "43427",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/43427/"
            },
            {
              "name": "SUSE-SU-2018:0020",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html"
            },
            {
              "name": "USN-3541-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3541-2/"
            },
            {
              "name": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html",
              "refsource": "MISC",
              "url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
            },
            {
              "name": "https://support.lenovo.com/us/en/solutions/LEN-18282",
              "refsource": "CONFIRM",
              "url": "https://support.lenovo.com/us/en/solutions/LEN-18282"
            },
            {
              "name": "USN-3777-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3777-3/"
            },
            {
              "name": "openSUSE-SU-2018:0023",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
            },
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2018-0007.html",
              "refsource": "CONFIRM",
              "url": "https://www.vmware.com/security/advisories/VMSA-2018-0007.html"
            },
            {
              "name": "SUSE-SU-2018:0008",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html"
            },
            {
              "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613",
              "refsource": "CONFIRM",
              "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613"
            },
            {
              "name": "USN-3561-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3561-1/"
            },
            {
              "name": "USN-3582-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3582-2/"
            },
            {
              "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jun/36"
            },
            {
              "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt",
              "refsource": "CONFIRM",
              "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
            },
            {
              "name": "FreeBSD-SA-19:26",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc"
            },
            {
              "name": "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Nov/16"
            },
            {
              "name": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html"
            },
            {
              "name": "https://security.paloaltonetworks.com/CVE-2017-5715",
              "refsource": "CONFIRM",
              "url": "https://security.paloaltonetworks.com/CVE-2017-5715"
            },
            {
              "name": "[debian-lts-announce] 20200320 [SECURITY] [DLA 2148-1] amd64-microcode security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html"
            },
            {
              "name": "[debian-lts-announce] 20210816 [SECURITY] [DLA 2743-1] amd64-microcode security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2017-5715",
    "datePublished": "2018-01-04T13:00:00.000Z",
    "dateReserved": "2017-02-01T00:00:00.000Z",
    "dateUpdated": "2025-05-06T14:59:36.405Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-6927 (GCVE-0-2018-6927)

Vulnerability from cvelistv5

Published

2018-02-12 19:00

Modified

2024-08-05 06:17

Severity ?

CWE

n/a

Summary

The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.

References

URL

Tags

	https://www.debian.org/security/2018/dsa-4187	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3697-1/	vendor-advisory, x_refsource_UBUNTU
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2018:1062	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:0654	vendor-advisory, x_refsource_REDHAT
	https://github.com/torvalds/linux/commit/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a	x_refsource_MISC
	https://usn.ubuntu.com/3697-2/	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/103023	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2018:0676	vendor-advisory, x_refsource_REDHAT
	https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.15	x_refsource_MISC
	https://usn.ubuntu.com/3698-1/	vendor-advisory, x_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3698-2/	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:17:17.281Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4187",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4187"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "name": "USN-3697-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3697-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a"
          },
          {
            "name": "RHSA-2018:1062",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1062"
          },
          {
            "name": "RHSA-2018:0654",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0654"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a"
          },
          {
            "name": "USN-3697-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3697-2/"
          },
          {
            "name": "103023",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103023"
          },
          {
            "name": "RHSA-2018:0676",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0676"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.15"
          },
          {
            "name": "USN-3698-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3698-1/"
          },
          {
            "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          },
          {
            "name": "USN-3698-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3698-2/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-02-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-12T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4187",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4187"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "name": "USN-3697-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3697-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a"
        },
        {
          "name": "RHSA-2018:1062",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1062"
        },
        {
          "name": "RHSA-2018:0654",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0654"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a"
        },
        {
          "name": "USN-3697-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3697-2/"
        },
        {
          "name": "103023",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103023"
        },
        {
          "name": "RHSA-2018:0676",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0676"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.15"
        },
        {
          "name": "USN-3698-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3698-1/"
        },
        {
          "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        },
        {
          "name": "USN-3698-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3698-2/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-6927",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4187",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4187"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "USN-3697-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3697-1/"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a",
              "refsource": "MISC",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a"
            },
            {
              "name": "RHSA-2018:1062",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1062"
            },
            {
              "name": "RHSA-2018:0654",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0654"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a"
            },
            {
              "name": "USN-3697-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3697-2/"
            },
            {
              "name": "103023",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103023"
            },
            {
              "name": "RHSA-2018:0676",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0676"
            },
            {
              "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.15",
              "refsource": "MISC",
              "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.15"
            },
            {
              "name": "USN-3698-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3698-1/"
            },
            {
              "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            },
            {
              "name": "USN-3698-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3698-2/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-6927",
    "datePublished": "2018-02-12T19:00:00",
    "dateReserved": "2018-02-12T00:00:00",
    "dateUpdated": "2024-08-05T06:17:17.281Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-12762 (GCVE-0-2017-12762)

Vulnerability from cvelistv5

Published

2017-08-09 21:00

Modified

2024-08-05 18:51

Severity ?

CWE

n/a

Summary

In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree.

References

URL

Tags

	https://usn.ubuntu.com/3620-2/	vendor-advisory, x_refsource_UBUNTU
	https://patchwork.kernel.org/patch/9880041/	x_refsource_MISC
	http://www.securityfocus.com/bid/100251	vdb-entry, x_refsource_BID
	https://usn.ubuntu.com/3620-1/	vendor-advisory, x_refsource_UBUNTU
	http://www.openwall.com/lists/oss-security/2020/02/11/1	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2020/02/11/2	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2020/02/14/4	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:51:05.643Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3620-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3620-2/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://patchwork.kernel.org/patch/9880041/"
          },
          {
            "name": "100251",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100251"
          },
          {
            "name": "USN-3620-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3620-1/"
          },
          {
            "name": "[oss-security] 20200211 Potential regression and/or incomplete fix for CVE-2017-12762",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/02/11/1"
          },
          {
            "name": "[oss-security] 20200211 Re: Potential regression and/or incomplete fix for CVE-2017-12762",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/02/11/2"
          },
          {
            "name": "[oss-security] 20200214 Re: Potential regression and/or incomplete fix for CVE-2017-12762",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/02/14/4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-08-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-14T12:06:04",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3620-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3620-2/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://patchwork.kernel.org/patch/9880041/"
        },
        {
          "name": "100251",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100251"
        },
        {
          "name": "USN-3620-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3620-1/"
        },
        {
          "name": "[oss-security] 20200211 Potential regression and/or incomplete fix for CVE-2017-12762",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/02/11/1"
        },
        {
          "name": "[oss-security] 20200211 Re: Potential regression and/or incomplete fix for CVE-2017-12762",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/02/11/2"
        },
        {
          "name": "[oss-security] 20200214 Re: Potential regression and/or incomplete fix for CVE-2017-12762",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/02/14/4"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-12762",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3620-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3620-2/"
            },
            {
              "name": "https://patchwork.kernel.org/patch/9880041/",
              "refsource": "MISC",
              "url": "https://patchwork.kernel.org/patch/9880041/"
            },
            {
              "name": "100251",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100251"
            },
            {
              "name": "USN-3620-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3620-1/"
            },
            {
              "name": "[oss-security] 20200211 Potential regression and/or incomplete fix for CVE-2017-12762",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/02/11/1"
            },
            {
              "name": "[oss-security] 20200211 Re: Potential regression and/or incomplete fix for CVE-2017-12762",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/02/11/2"
            },
            {
              "name": "[oss-security] 20200214 Re: Potential regression and/or incomplete fix for CVE-2017-12762",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/02/14/4"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-12762",
    "datePublished": "2017-08-09T21:00:00",
    "dateReserved": "2017-08-09T00:00:00",
    "dateUpdated": "2024-08-05T18:51:05.643Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-7492 (GCVE-0-2018-7492)

Vulnerability from cvelistv5

Published

2018-02-26 20:00

Modified

2024-08-05 06:31

Severity ?

CWE

n/a

Summary

A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST.

References

URL

Tags

	https://www.debian.org/security/2018/dsa-4187	vendor-advisory, x_refsource_DEBIAN
	http://www.securityfocus.com/bid/103185	vdb-entry, x_refsource_BID
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3674-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3677-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3674-2/	vendor-advisory, x_refsource_UBUNTU
	https://bugzilla.redhat.com/show_bug.cgi?id=1527393	x_refsource_MISC
	https://patchwork.kernel.org/patch/10096441/	x_refsource_MISC
	https://usn.ubuntu.com/3677-2/	vendor-advisory, x_refsource_UBUNTU
	https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.7	x_refsource_MISC
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f3069c6d33f6ae63a1668737bc78aaaa51bff7ca	x_refsource_MISC
	https://xorl.wordpress.com/2017/12/18/linux-kernel-rdma-null-pointer-dereference/	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU
	https://github.com/torvalds/linux/commit/f3069c6d33f6ae63a1668737bc78aaaa51bff7ca	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:31:03.662Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4187",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4187"
          },
          {
            "name": "103185",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103185"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "name": "USN-3674-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3674-1/"
          },
          {
            "name": "USN-3677-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3677-1/"
          },
          {
            "name": "USN-3674-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3674-2/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1527393"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://patchwork.kernel.org/patch/10096441/"
          },
          {
            "name": "USN-3677-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3677-2/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.7"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f3069c6d33f6ae63a1668737bc78aaaa51bff7ca"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://xorl.wordpress.com/2017/12/18/linux-kernel-rdma-null-pointer-dereference/"
          },
          {
            "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/f3069c6d33f6ae63a1668737bc78aaaa51bff7ca"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-02-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-15T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4187",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4187"
        },
        {
          "name": "103185",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103185"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "name": "USN-3674-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3674-1/"
        },
        {
          "name": "USN-3677-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3677-1/"
        },
        {
          "name": "USN-3674-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3674-2/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1527393"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://patchwork.kernel.org/patch/10096441/"
        },
        {
          "name": "USN-3677-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3677-2/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.7"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f3069c6d33f6ae63a1668737bc78aaaa51bff7ca"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://xorl.wordpress.com/2017/12/18/linux-kernel-rdma-null-pointer-dereference/"
        },
        {
          "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/f3069c6d33f6ae63a1668737bc78aaaa51bff7ca"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-7492",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4187",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4187"
            },
            {
              "name": "103185",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103185"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "USN-3674-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3674-1/"
            },
            {
              "name": "USN-3677-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3677-1/"
            },
            {
              "name": "USN-3674-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3674-2/"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1527393",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1527393"
            },
            {
              "name": "https://patchwork.kernel.org/patch/10096441/",
              "refsource": "MISC",
              "url": "https://patchwork.kernel.org/patch/10096441/"
            },
            {
              "name": "USN-3677-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3677-2/"
            },
            {
              "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.7",
              "refsource": "MISC",
              "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.7"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f3069c6d33f6ae63a1668737bc78aaaa51bff7ca",
              "refsource": "MISC",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f3069c6d33f6ae63a1668737bc78aaaa51bff7ca"
            },
            {
              "name": "https://xorl.wordpress.com/2017/12/18/linux-kernel-rdma-null-pointer-dereference/",
              "refsource": "MISC",
              "url": "https://xorl.wordpress.com/2017/12/18/linux-kernel-rdma-null-pointer-dereference/"
            },
            {
              "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/f3069c6d33f6ae63a1668737bc78aaaa51bff7ca",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/f3069c6d33f6ae63a1668737bc78aaaa51bff7ca"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-7492",
    "datePublished": "2018-02-26T20:00:00",
    "dateReserved": "2018-02-26T00:00:00",
    "dateUpdated": "2024-08-05T06:31:03.662Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-18203 (GCVE-0-2017-18203)

Vulnerability from cvelistv5

Published

2018-02-27 20:00

Modified

2024-08-05 21:13

Severity ?

CWE

n/a

Summary

The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices.

References

URL

Tags

	https://www.debian.org/security/2018/dsa-4187	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/103184	vdb-entry, x_refsource_BID
	https://github.com/torvalds/linux/commit/b9a41d21dceadf8104812626ef85dc56ee8a60ed	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2018:1854	vendor-advisory, x_refsource_REDHAT
	https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.3	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2018:1062	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:0676	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3653-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3655-1/	vendor-advisory, x_refsource_UBUNTU
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a41d21dceadf8104812626ef85dc56ee8a60ed	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3655-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3653-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3657-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2019:4154	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:13:49.101Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4187",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4187"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "name": "103184",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103184"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/b9a41d21dceadf8104812626ef85dc56ee8a60ed"
          },
          {
            "name": "RHSA-2018:1854",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1854"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.3"
          },
          {
            "name": "RHSA-2018:1062",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1062"
          },
          {
            "name": "RHSA-2018:0676",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0676"
          },
          {
            "name": "USN-3653-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3653-2/"
          },
          {
            "name": "USN-3655-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3655-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a41d21dceadf8104812626ef85dc56ee8a60ed"
          },
          {
            "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
          },
          {
            "name": "USN-3655-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3655-2/"
          },
          {
            "name": "USN-3653-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3653-1/"
          },
          {
            "name": "USN-3657-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3657-1/"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          },
          {
            "name": "RHSA-2019:4154",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:4154"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-02-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-10T15:06:25",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4187",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4187"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "name": "103184",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103184"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/b9a41d21dceadf8104812626ef85dc56ee8a60ed"
        },
        {
          "name": "RHSA-2018:1854",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1854"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.3"
        },
        {
          "name": "RHSA-2018:1062",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1062"
        },
        {
          "name": "RHSA-2018:0676",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0676"
        },
        {
          "name": "USN-3653-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3653-2/"
        },
        {
          "name": "USN-3655-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3655-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a41d21dceadf8104812626ef85dc56ee8a60ed"
        },
        {
          "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
        },
        {
          "name": "USN-3655-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3655-2/"
        },
        {
          "name": "USN-3653-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3653-1/"
        },
        {
          "name": "USN-3657-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3657-1/"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        },
        {
          "name": "RHSA-2019:4154",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:4154"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-18203",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4187",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4187"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "103184",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103184"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/b9a41d21dceadf8104812626ef85dc56ee8a60ed",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/b9a41d21dceadf8104812626ef85dc56ee8a60ed"
            },
            {
              "name": "RHSA-2018:1854",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1854"
            },
            {
              "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.3",
              "refsource": "MISC",
              "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.3"
            },
            {
              "name": "RHSA-2018:1062",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1062"
            },
            {
              "name": "RHSA-2018:0676",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0676"
            },
            {
              "name": "USN-3653-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3653-2/"
            },
            {
              "name": "USN-3655-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3655-1/"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a41d21dceadf8104812626ef85dc56ee8a60ed",
              "refsource": "MISC",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a41d21dceadf8104812626ef85dc56ee8a60ed"
            },
            {
              "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
            },
            {
              "name": "USN-3655-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3655-2/"
            },
            {
              "name": "USN-3653-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3653-1/"
            },
            {
              "name": "USN-3657-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3657-1/"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            },
            {
              "name": "RHSA-2019:4154",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:4154"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-18203",
    "datePublished": "2018-02-27T20:00:00",
    "dateReserved": "2018-02-27T00:00:00",
    "dateUpdated": "2024-08-05T21:13:49.101Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-16528 (GCVE-0-2017-16528)

Vulnerability from cvelistv5

Published

2017-11-04 01:00

Modified

2024-08-05 20:27

Severity ?

CWE

n/a

Summary

sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.

References

URL

Tags

	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://github.com/torvalds/linux/commit/fc27fe7e8deef2f37cba3f2be2d52b6ca5eb9d57	x_refsource_MISC
	https://groups.google.com/d/msg/syzkaller/kuZzDHGkQu8/5du20rZEAAAJ	x_refsource_MISC
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:27:03.912Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/fc27fe7e8deef2f37cba3f2be2d52b6ca5eb9d57"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/d/msg/syzkaller/kuZzDHGkQu8/5du20rZEAAAJ"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-06T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/fc27fe7e8deef2f37cba3f2be2d52b6ca5eb9d57"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/d/msg/syzkaller/kuZzDHGkQu8/5du20rZEAAAJ"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-16528",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/fc27fe7e8deef2f37cba3f2be2d52b6ca5eb9d57",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/fc27fe7e8deef2f37cba3f2be2d52b6ca5eb9d57"
            },
            {
              "name": "https://groups.google.com/d/msg/syzkaller/kuZzDHGkQu8/5du20rZEAAAJ",
              "refsource": "MISC",
              "url": "https://groups.google.com/d/msg/syzkaller/kuZzDHGkQu8/5du20rZEAAAJ"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-16528",
    "datePublished": "2017-11-04T01:00:00",
    "dateReserved": "2017-11-03T00:00:00",
    "dateUpdated": "2024-08-05T20:27:03.912Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-18204 (GCVE-0-2017-18204)

Vulnerability from cvelistv5

Published

2018-02-27 20:00

Modified

2024-08-05 21:13

Severity ?

CWE

n/a

Summary

The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests.

References

URL

Tags

	https://usn.ubuntu.com/3617-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3617-3/	vendor-advisory, x_refsource_UBUNTU
	https://github.com/torvalds/linux/commit/28f5a8a7c033cbf3e32277f4cc9c6afd74f05300	x_refsource_MISC
	https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2	x_refsource_MISC
	https://usn.ubuntu.com/3655-1/	vendor-advisory, x_refsource_UBUNTU
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=28f5a8a7c033cbf3e32277f4cc9c6afd74f05300	x_refsource_MISC
	https://usn.ubuntu.com/3655-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3617-2/	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/103183	vdb-entry, x_refsource_BID
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:13:49.222Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3617-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-1/"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "name": "USN-3617-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-3/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/28f5a8a7c033cbf3e32277f4cc9c6afd74f05300"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2"
          },
          {
            "name": "USN-3655-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3655-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=28f5a8a7c033cbf3e32277f4cc9c6afd74f05300"
          },
          {
            "name": "USN-3655-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3655-2/"
          },
          {
            "name": "USN-3617-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-2/"
          },
          {
            "name": "103183",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103183"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-02-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-30T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3617-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-1/"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "name": "USN-3617-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-3/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/28f5a8a7c033cbf3e32277f4cc9c6afd74f05300"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2"
        },
        {
          "name": "USN-3655-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3655-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=28f5a8a7c033cbf3e32277f4cc9c6afd74f05300"
        },
        {
          "name": "USN-3655-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3655-2/"
        },
        {
          "name": "USN-3617-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-2/"
        },
        {
          "name": "103183",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103183"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-18204",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3617-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-1/"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "USN-3617-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-3/"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/28f5a8a7c033cbf3e32277f4cc9c6afd74f05300",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/28f5a8a7c033cbf3e32277f4cc9c6afd74f05300"
            },
            {
              "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2",
              "refsource": "MISC",
              "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2"
            },
            {
              "name": "USN-3655-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3655-1/"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=28f5a8a7c033cbf3e32277f4cc9c6afd74f05300",
              "refsource": "MISC",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=28f5a8a7c033cbf3e32277f4cc9c6afd74f05300"
            },
            {
              "name": "USN-3655-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3655-2/"
            },
            {
              "name": "USN-3617-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-2/"
            },
            {
              "name": "103183",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103183"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-18204",
    "datePublished": "2018-02-27T20:00:00",
    "dateReserved": "2018-02-27T00:00:00",
    "dateUpdated": "2024-08-05T21:13:49.222Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-16645 (GCVE-0-2017-16645)

Vulnerability from cvelistv5

Published

2017-11-07 23:00

Modified

2024-08-05 20:27

Severity ?

CWE

n/a

Summary

The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.

References

URL

Tags

	https://usn.ubuntu.com/3617-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3617-3/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3754-1/	vendor-advisory, x_refsource_UBUNTU
	https://github.com/torvalds/linux/commit/ea04efee7635c9120d015dcdeeeb6988130cb67a	x_refsource_MISC
	http://www.securityfocus.com/bid/101768	vdb-entry, x_refsource_BID
	https://groups.google.com/d/msg/syzkaller/q6jjr1OhqO8/WcA99AVFBAAJ	x_refsource_MISC
	https://usn.ubuntu.com/3617-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:27:04.308Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3617-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-1/"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "name": "USN-3617-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-3/"
          },
          {
            "name": "USN-3754-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3754-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/ea04efee7635c9120d015dcdeeeb6988130cb67a"
          },
          {
            "name": "101768",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101768"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/d/msg/syzkaller/q6jjr1OhqO8/WcA99AVFBAAJ"
          },
          {
            "name": "USN-3617-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-2/"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-11-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-24T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3617-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-1/"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "name": "USN-3617-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-3/"
        },
        {
          "name": "USN-3754-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3754-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/ea04efee7635c9120d015dcdeeeb6988130cb67a"
        },
        {
          "name": "101768",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101768"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/d/msg/syzkaller/q6jjr1OhqO8/WcA99AVFBAAJ"
        },
        {
          "name": "USN-3617-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-2/"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-16645",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3617-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-1/"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "USN-3617-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-3/"
            },
            {
              "name": "USN-3754-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3754-1/"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/ea04efee7635c9120d015dcdeeeb6988130cb67a",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/ea04efee7635c9120d015dcdeeeb6988130cb67a"
            },
            {
              "name": "101768",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101768"
            },
            {
              "name": "https://groups.google.com/d/msg/syzkaller/q6jjr1OhqO8/WcA99AVFBAAJ",
              "refsource": "MISC",
              "url": "https://groups.google.com/d/msg/syzkaller/q6jjr1OhqO8/WcA99AVFBAAJ"
            },
            {
              "name": "USN-3617-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-2/"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-16645",
    "datePublished": "2017-11-07T23:00:00",
    "dateReserved": "2017-11-07T00:00:00",
    "dateUpdated": "2024-08-05T20:27:04.308Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-16536 (GCVE-0-2017-16536)

Vulnerability from cvelistv5

Published

2017-11-04 01:00

Modified

2024-08-05 20:27

Severity ?

CWE

n/a

Summary

The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.

References

URL

Tags

	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3754-1/	vendor-advisory, x_refsource_UBUNTU
	https://groups.google.com/d/msg/syzkaller/WlUAVfDvpRk/1V1xuEA4AgAJ	x_refsource_MISC
	https://patchwork.kernel.org/patch/9963527/	x_refsource_MISC
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:27:03.467Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
          },
          {
            "name": "USN-3754-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3754-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/d/msg/syzkaller/WlUAVfDvpRk/1V1xuEA4AgAJ"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://patchwork.kernel.org/patch/9963527/"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-24T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
        },
        {
          "name": "USN-3754-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3754-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/d/msg/syzkaller/WlUAVfDvpRk/1V1xuEA4AgAJ"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://patchwork.kernel.org/patch/9963527/"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-16536",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
            },
            {
              "name": "USN-3754-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3754-1/"
            },
            {
              "name": "https://groups.google.com/d/msg/syzkaller/WlUAVfDvpRk/1V1xuEA4AgAJ",
              "refsource": "MISC",
              "url": "https://groups.google.com/d/msg/syzkaller/WlUAVfDvpRk/1V1xuEA4AgAJ"
            },
            {
              "name": "https://patchwork.kernel.org/patch/9963527/",
              "refsource": "MISC",
              "url": "https://patchwork.kernel.org/patch/9963527/"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-16536",
    "datePublished": "2017-11-04T01:00:00",
    "dateReserved": "2017-11-03T00:00:00",
    "dateUpdated": "2024-08-05T20:27:03.467Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-16914 (GCVE-0-2017-16914)

Vulnerability from cvelistv5

Published

2018-01-31 22:00

Modified

2024-09-17 01:42

Severity ?

CWE

Denial of service (NULL pointer dereference)

Summary

The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet.

References

URL

Tags

	https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.49	x_refsource_MISC
	https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/	x_refsource_MISC
	https://www.debian.org/security/2018/dsa-4187	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://www.spinics.net/lists/linux-usb/msg163480.html	x_refsource_MISC
	https://secuniaresearch.flexerasoftware.com/advisories/80722/	x_refsource_MISC
	https://usn.ubuntu.com/3754-1/	vendor-advisory, x_refsource_UBUNTU
	https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8	x_refsource_MISC
	http://www.securityfocus.com/bid/102150	vdb-entry, x_refsource_BID
	https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.107	x_refsource_MISC
	https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU
	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=be6123df1ea8f01ee2f896a16c2b7be3e4557a5a	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Flexera Software LLC	Linux Kernel	Version: Before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:35:21.329Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.49"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/"
          },
          {
            "name": "DSA-4187",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4187"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.spinics.net/lists/linux-usb/msg163480.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://secuniaresearch.flexerasoftware.com/advisories/80722/"
          },
          {
            "name": "USN-3754-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3754-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
          },
          {
            "name": "102150",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102150"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.107"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71"
          },
          {
            "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=be6123df1ea8f01ee2f896a16c2b7be3e4557a5a"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Linux Kernel",
          "vendor": "Flexera Software LLC",
          "versions": [
            {
              "status": "affected",
              "version": "Before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107"
            }
          ]
        }
      ],
      "datePublic": "2018-01-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The \"stub_send_ret_submit()\" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of service (NULL pointer dereference)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-24T09:57:01",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.49"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/"
        },
        {
          "name": "DSA-4187",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4187"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.spinics.net/lists/linux-usb/msg163480.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://secuniaresearch.flexerasoftware.com/advisories/80722/"
        },
        {
          "name": "USN-3754-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3754-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
        },
        {
          "name": "102150",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102150"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.107"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71"
        },
        {
          "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=be6123df1ea8f01ee2f896a16c2b7be3e4557a5a"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "DATE_PUBLIC": "2018-01-31T00:00:00",
          "ID": "CVE-2017-16914",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Linux Kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Flexera Software LLC"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The \"stub_send_ret_submit()\" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of service (NULL pointer dereference)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.49",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.49"
            },
            {
              "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/",
              "refsource": "MISC",
              "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/"
            },
            {
              "name": "DSA-4187",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4187"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "https://www.spinics.net/lists/linux-usb/msg163480.html",
              "refsource": "MISC",
              "url": "https://www.spinics.net/lists/linux-usb/msg163480.html"
            },
            {
              "name": "https://secuniaresearch.flexerasoftware.com/advisories/80722/",
              "refsource": "MISC",
              "url": "https://secuniaresearch.flexerasoftware.com/advisories/80722/"
            },
            {
              "name": "USN-3754-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3754-1/"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
            },
            {
              "name": "102150",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102150"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.107",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.107"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71"
            },
            {
              "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=be6123df1ea8f01ee2f896a16c2b7be3e4557a5a",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=be6123df1ea8f01ee2f896a16c2b7be3e4557a5a"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2017-16914",
    "datePublished": "2018-01-31T22:00:00Z",
    "dateReserved": "2017-11-21T00:00:00",
    "dateUpdated": "2024-09-17T01:42:05.146Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-7518 (GCVE-0-2017-7518)

Vulnerability from cvelistv5

Published

2018-07-30 13:00

Modified

2024-08-05 16:04

Severity ?

5.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-250

Summary

A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this.

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2018:0412	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/articles/3290921	x_refsource_CONFIRM
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:0395	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3754-1/	vendor-advisory, x_refsource_UBUNTU
	http://www.securitytracker.com/id/1038782	vdb-entry, x_refsource_SECTRACK
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2017/06/23/5	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2017/dsa-3981	vendor-advisory, x_refsource_DEBIAN
	https://www.spinics.net/lists/kvm/msg151817.html	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/99263	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	[UNKNOWN]	Kernel:	Version: 4.12

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:11.892Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:0412",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0412"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/articles/3290921"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "name": "RHSA-2018:0395",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0395"
          },
          {
            "name": "USN-3754-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3754-1/"
          },
          {
            "name": "1038782",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038782"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518"
          },
          {
            "name": "[oss-security] 20170623 CVE-2017-7518 Kernel: KVM: debug exception via syscall emulation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2017/06/23/5"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          },
          {
            "name": "DSA-3981",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3981"
          },
          {
            "name": "[kvm] 20170622 [PATCH] KVM: x86: fix singlestepping over syscall",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://www.spinics.net/lists/kvm/msg151817.html"
          },
          {
            "name": "99263",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99263"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kernel:",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "4.12"
            }
          ]
        }
      ],
      "datePublic": "2017-06-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "CWE-250",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-24T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2018:0412",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0412"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://access.redhat.com/articles/3290921"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "name": "RHSA-2018:0395",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0395"
        },
        {
          "name": "USN-3754-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3754-1/"
        },
        {
          "name": "1038782",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038782"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518"
        },
        {
          "name": "[oss-security] 20170623 CVE-2017-7518 Kernel: KVM: debug exception via syscall emulation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2017/06/23/5"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        },
        {
          "name": "DSA-3981",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3981"
        },
        {
          "name": "[kvm] 20170622 [PATCH] KVM: x86: fix singlestepping over syscall",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://www.spinics.net/lists/kvm/msg151817.html"
        },
        {
          "name": "99263",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99263"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2017-7518",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Kernel:",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.12"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "[UNKNOWN]"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "5.5/CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            ],
            [
              {
                "vectorString": "5.4/AV:A/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-250"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:0412",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0412"
            },
            {
              "name": "https://access.redhat.com/articles/3290921",
              "refsource": "CONFIRM",
              "url": "https://access.redhat.com/articles/3290921"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "RHSA-2018:0395",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0395"
            },
            {
              "name": "USN-3754-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3754-1/"
            },
            {
              "name": "1038782",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038782"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518"
            },
            {
              "name": "[oss-security] 20170623 CVE-2017-7518 Kernel: KVM: debug exception via syscall emulation",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2017/06/23/5"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            },
            {
              "name": "DSA-3981",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-3981"
            },
            {
              "name": "[kvm] 20170622 [PATCH] KVM: x86: fix singlestepping over syscall",
              "refsource": "MLIST",
              "url": "https://www.spinics.net/lists/kvm/msg151817.html"
            },
            {
              "name": "99263",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99263"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-7518",
    "datePublished": "2018-07-30T13:00:00",
    "dateReserved": "2017-04-05T00:00:00",
    "dateUpdated": "2024-08-05T16:04:11.892Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-8043 (GCVE-0-2018-8043)

Vulnerability from cvelistv5

Published

2018-03-10 22:00

Modified

2024-08-05 06:46

Severity ?

CWE

n/a

Summary

The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).

References

URL

Tags

	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3630-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3632-1/	vendor-advisory, x_refsource_UBUNTU
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5	x_refsource_MISC
	https://github.com/torvalds/linux/commit/297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5	x_refsource_MISC
	https://usn.ubuntu.com/3630-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU
	http://www.securitytracker.com/id/1040749	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:46:12.147Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "name": "USN-3630-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3630-2/"
          },
          {
            "name": "USN-3632-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3632-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5"
          },
          {
            "name": "USN-3630-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3630-1/"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          },
          {
            "name": "1040749",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040749"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-03-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-09T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "name": "USN-3630-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3630-2/"
        },
        {
          "name": "USN-3632-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3632-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5"
        },
        {
          "name": "USN-3630-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3630-1/"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        },
        {
          "name": "1040749",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040749"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-8043",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "USN-3630-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3630-2/"
            },
            {
              "name": "USN-3632-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3632-1/"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5",
              "refsource": "MISC",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5"
            },
            {
              "name": "USN-3630-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3630-1/"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            },
            {
              "name": "1040749",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040749"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-8043",
    "datePublished": "2018-03-10T22:00:00",
    "dateReserved": "2018-03-10T00:00:00",
    "dateUpdated": "2024-08-05T06:46:12.147Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-0861 (GCVE-0-2017-0861)

Vulnerability from cvelistv5

Published

2017-11-16 23:00

Modified

2024-09-16 19:09

Severity ?

CWE

Elevation of privilege

Summary

Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2018:3083	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2018/dsa-4187	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/3617-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3617-3/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3583-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3632-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2390	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3583-1/	vendor-advisory, x_refsource_UBUNTU
	http://lists.alioth.debian.org/pipermail/secure-testing-commits/2017-December/059967.html	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3617-2/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:3096	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/102329	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2020:0036	vendor-advisory, x_refsource_REDHAT
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	x_refsource_MISC
	https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0	x_refsource_CONFIRM
	https://source.android.com/security/bulletin/pixel/2017-11-01	x_refsource_CONFIRM
	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229	x_refsource_CONFIRM
	https://security-tracker.debian.org/tracker/CVE-2017-0861	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Google Inc.	Android	Version: Android kernel

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:18:06.391Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:3083",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3083"
          },
          {
            "name": "DSA-4187",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4187"
          },
          {
            "name": "USN-3617-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-1/"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "name": "USN-3617-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-3/"
          },
          {
            "name": "USN-3583-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3583-2/"
          },
          {
            "name": "USN-3632-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3632-1/"
          },
          {
            "name": "RHSA-2018:2390",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2390"
          },
          {
            "name": "USN-3583-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3583-1/"
          },
          {
            "name": "[secure-testing-commits] 20171206 r58306 - data/CVE",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.alioth.debian.org/pipermail/secure-testing-commits/2017-December/059967.html"
          },
          {
            "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
          },
          {
            "name": "USN-3617-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-2/"
          },
          {
            "name": "RHSA-2018:3096",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3096"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          },
          {
            "name": "102329",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102329"
          },
          {
            "name": "RHSA-2020:0036",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0036"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2017-0861"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Android",
          "vendor": "Google Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "Android kernel"
            }
          ]
        }
      ],
      "datePublic": "2017-11-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-15T02:22:55",
        "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "shortName": "google_android"
      },
      "references": [
        {
          "name": "RHSA-2018:3083",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3083"
        },
        {
          "name": "DSA-4187",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4187"
        },
        {
          "name": "USN-3617-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-1/"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "name": "USN-3617-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-3/"
        },
        {
          "name": "USN-3583-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3583-2/"
        },
        {
          "name": "USN-3632-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3632-1/"
        },
        {
          "name": "RHSA-2018:2390",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2390"
        },
        {
          "name": "USN-3583-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3583-1/"
        },
        {
          "name": "[secure-testing-commits] 20171206 r58306 - data/CVE",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.alioth.debian.org/pipermail/secure-testing-commits/2017-December/059967.html"
        },
        {
          "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
        },
        {
          "name": "USN-3617-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-2/"
        },
        {
          "name": "RHSA-2018:3096",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3096"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        },
        {
          "name": "102329",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102329"
        },
        {
          "name": "RHSA-2020:0036",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0036"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2017-0861"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@android.com",
          "DATE_PUBLIC": "2017-11-06T00:00:00",
          "ID": "CVE-2017-0861",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Android",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Android kernel"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:3083",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3083"
            },
            {
              "name": "DSA-4187",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4187"
            },
            {
              "name": "USN-3617-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-1/"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "USN-3617-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-3/"
            },
            {
              "name": "USN-3583-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3583-2/"
            },
            {
              "name": "USN-3632-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3632-1/"
            },
            {
              "name": "RHSA-2018:2390",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2390"
            },
            {
              "name": "USN-3583-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3583-1/"
            },
            {
              "name": "[secure-testing-commits] 20171206 r58306 - data/CVE",
              "refsource": "MLIST",
              "url": "http://lists.alioth.debian.org/pipermail/secure-testing-commits/2017-December/059967.html"
            },
            {
              "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
            },
            {
              "name": "USN-3617-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-2/"
            },
            {
              "name": "RHSA-2018:3096",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3096"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            },
            {
              "name": "102329",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102329"
            },
            {
              "name": "RHSA-2020:0036",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0036"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "https://source.android.com/security/bulletin/pixel/2017-11-01",
              "refsource": "CONFIRM",
              "url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229",
              "refsource": "CONFIRM",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2017-0861",
              "refsource": "CONFIRM",
              "url": "https://security-tracker.debian.org/tracker/CVE-2017-0861"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
    "assignerShortName": "google_android",
    "cveId": "CVE-2017-0861",
    "datePublished": "2017-11-16T23:00:00Z",
    "dateReserved": "2016-11-29T00:00:00",
    "dateUpdated": "2024-09-16T19:09:26.250Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-16649 (GCVE-0-2017-16649)

Vulnerability from cvelistv5

Published

2017-11-07 23:00

Modified

2024-08-05 20:27

Severity ?

CWE

n/a

Summary

The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.

References

URL

Tags

	https://usn.ubuntu.com/3617-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3617-3/	vendor-advisory, x_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html	mailing-list, x_refsource_MLIST
	https://groups.google.com/d/msg/syzkaller/0e0gmaX9R0g/9Me9JcY2BQAJ	x_refsource_MISC
	https://patchwork.ozlabs.org/patch/834771/	x_refsource_MISC
	https://usn.ubuntu.com/3822-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3617-2/	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/101761	vdb-entry, x_refsource_BID
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3822-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:27:04.462Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3617-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-1/"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "name": "USN-3617-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-3/"
          },
          {
            "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/d/msg/syzkaller/0e0gmaX9R0g/9Me9JcY2BQAJ"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://patchwork.ozlabs.org/patch/834771/"
          },
          {
            "name": "USN-3822-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3822-2/"
          },
          {
            "name": "USN-3617-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-2/"
          },
          {
            "name": "101761",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101761"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          },
          {
            "name": "USN-3822-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3822-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-11-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-28T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3617-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-1/"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "name": "USN-3617-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-3/"
        },
        {
          "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/d/msg/syzkaller/0e0gmaX9R0g/9Me9JcY2BQAJ"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://patchwork.ozlabs.org/patch/834771/"
        },
        {
          "name": "USN-3822-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3822-2/"
        },
        {
          "name": "USN-3617-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-2/"
        },
        {
          "name": "101761",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101761"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        },
        {
          "name": "USN-3822-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3822-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-16649",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3617-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-1/"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "USN-3617-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-3/"
            },
            {
              "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
            },
            {
              "name": "https://groups.google.com/d/msg/syzkaller/0e0gmaX9R0g/9Me9JcY2BQAJ",
              "refsource": "MISC",
              "url": "https://groups.google.com/d/msg/syzkaller/0e0gmaX9R0g/9Me9JcY2BQAJ"
            },
            {
              "name": "https://patchwork.ozlabs.org/patch/834771/",
              "refsource": "MISC",
              "url": "https://patchwork.ozlabs.org/patch/834771/"
            },
            {
              "name": "USN-3822-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3822-2/"
            },
            {
              "name": "USN-3617-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-2/"
            },
            {
              "name": "101761",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101761"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            },
            {
              "name": "USN-3822-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3822-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-16649",
    "datePublished": "2017-11-07T23:00:00",
    "dateReserved": "2017-11-07T00:00:00",
    "dateUpdated": "2024-08-05T20:27:04.462Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-17448 (GCVE-0-2017-17448)

Vulnerability from cvelistv5

Published

2017-12-07 00:00

Modified

2024-08-05 20:51

Severity ?

CWE

n/a

Summary

net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.

References

URL

Tags

	https://patchwork.kernel.org/patch/10089373/	x_refsource_MISC
	https://usn.ubuntu.com/3617-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2018/dsa-4082	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/3617-3/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3632-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3620-2/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:1062	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:0654	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:0676	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2017/dsa-4073	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/3617-2/	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/102117	vdb-entry, x_refsource_BID
	https://usn.ubuntu.com/3620-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:51:31.383Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://patchwork.kernel.org/patch/10089373/"
          },
          {
            "name": "USN-3617-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-1/"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "name": "DSA-4082",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4082"
          },
          {
            "name": "USN-3617-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-3/"
          },
          {
            "name": "USN-3632-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3632-1/"
          },
          {
            "name": "USN-3620-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3620-2/"
          },
          {
            "name": "RHSA-2018:1062",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1062"
          },
          {
            "name": "RHSA-2018:0654",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0654"
          },
          {
            "name": "RHSA-2018:0676",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0676"
          },
          {
            "name": "DSA-4073",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4073"
          },
          {
            "name": "USN-3617-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-2/"
          },
          {
            "name": "102117",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102117"
          },
          {
            "name": "USN-3620-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3620-1/"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-12-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-24T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://patchwork.kernel.org/patch/10089373/"
        },
        {
          "name": "USN-3617-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-1/"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "name": "DSA-4082",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4082"
        },
        {
          "name": "USN-3617-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-3/"
        },
        {
          "name": "USN-3632-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3632-1/"
        },
        {
          "name": "USN-3620-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3620-2/"
        },
        {
          "name": "RHSA-2018:1062",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1062"
        },
        {
          "name": "RHSA-2018:0654",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0654"
        },
        {
          "name": "RHSA-2018:0676",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0676"
        },
        {
          "name": "DSA-4073",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4073"
        },
        {
          "name": "USN-3617-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-2/"
        },
        {
          "name": "102117",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102117"
        },
        {
          "name": "USN-3620-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3620-1/"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-17448",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://patchwork.kernel.org/patch/10089373/",
              "refsource": "MISC",
              "url": "https://patchwork.kernel.org/patch/10089373/"
            },
            {
              "name": "USN-3617-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-1/"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "DSA-4082",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4082"
            },
            {
              "name": "USN-3617-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-3/"
            },
            {
              "name": "USN-3632-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3632-1/"
            },
            {
              "name": "USN-3620-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3620-2/"
            },
            {
              "name": "RHSA-2018:1062",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1062"
            },
            {
              "name": "RHSA-2018:0654",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0654"
            },
            {
              "name": "RHSA-2018:0676",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0676"
            },
            {
              "name": "DSA-4073",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4073"
            },
            {
              "name": "USN-3617-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-2/"
            },
            {
              "name": "102117",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102117"
            },
            {
              "name": "USN-3620-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3620-1/"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-17448",
    "datePublished": "2017-12-07T00:00:00",
    "dateReserved": "2017-12-06T00:00:00",
    "dateUpdated": "2024-08-05T20:51:31.383Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2018-AVI-170

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature

Action not permitted

CERTFR-2018-AVI-170

Vulnerability from certfr_avis

Solution

CVE-2017-15129 (GCVE-0-2017-15129)

Vulnerability from cvelistv5

CVE-2017-17558 (GCVE-0-2017-17558)

Vulnerability from cvelistv5

CVE-2017-17807 (GCVE-0-2017-17807)

Vulnerability from cvelistv5

CVE-2017-17805 (GCVE-0-2017-17805)

Vulnerability from cvelistv5

CVE-2017-16647 (GCVE-0-2017-16647)

Vulnerability from cvelistv5

CVE-2017-11089 (GCVE-0-2017-11089)

Vulnerability from cvelistv5

CVE-2017-16532 (GCVE-0-2017-16532)

Vulnerability from cvelistv5

CVE-2017-17806 (GCVE-0-2017-17806)

Vulnerability from cvelistv5

CVE-2017-16913 (GCVE-0-2017-16913)

Vulnerability from cvelistv5

CVE-2017-16537 (GCVE-0-2017-16537)

Vulnerability from cvelistv5

CVE-2018-1000026 (GCVE-0-2018-1000026)

Vulnerability from cvelistv5

CVE-2018-5344 (GCVE-0-2018-5344)

Vulnerability from cvelistv5

CVE-2017-16650 (GCVE-0-2017-16650)

Vulnerability from cvelistv5

CVE-2018-5332 (GCVE-0-2018-5332)

Vulnerability from cvelistv5

CVE-2018-5333 (GCVE-0-2018-5333)

Vulnerability from cvelistv5

CVE-2017-16911 (GCVE-0-2017-16911)

Vulnerability from cvelistv5

CVE-2017-16912 (GCVE-0-2017-16912)

Vulnerability from cvelistv5

CVE-2017-16994 (GCVE-0-2017-16994)

Vulnerability from cvelistv5

CVE-2017-18208 (GCVE-0-2017-18208)

Vulnerability from cvelistv5

CVE-2017-16995 (GCVE-0-2017-16995)

Vulnerability from cvelistv5

CVE-2017-17450 (GCVE-0-2017-17450)

Vulnerability from cvelistv5

CVE-2017-11472 (GCVE-0-2017-11472)

Vulnerability from cvelistv5

CVE-2017-17449 (GCVE-0-2017-17449)

Vulnerability from cvelistv5

CVE-2017-17862 (GCVE-0-2017-17862)

Vulnerability from cvelistv5

CVE-2017-1000407 (GCVE-0-2017-1000407)

Vulnerability from cvelistv5

CVE-2017-16646 (GCVE-0-2017-16646)

Vulnerability from cvelistv5

CVE-2017-18075 (GCVE-0-2017-18075)

Vulnerability from cvelistv5

CVE-2017-17741 (GCVE-0-2017-17741)

Vulnerability from cvelistv5

CVE-2017-5715 (GCVE-0-2017-5715)

Vulnerability from cvelistv5

CVE-2018-6927 (GCVE-0-2018-6927)

Vulnerability from cvelistv5

CVE-2017-12762 (GCVE-0-2017-12762)

Vulnerability from cvelistv5

CVE-2018-7492 (GCVE-0-2018-7492)

Vulnerability from cvelistv5

CVE-2017-18203 (GCVE-0-2017-18203)

Vulnerability from cvelistv5

CVE-2017-16528 (GCVE-0-2017-16528)

Vulnerability from cvelistv5

CVE-2017-18204 (GCVE-0-2017-18204)

Vulnerability from cvelistv5

CVE-2017-16645 (GCVE-0-2017-16645)

Vulnerability from cvelistv5

CVE-2017-16536 (GCVE-0-2017-16536)

Vulnerability from cvelistv5

CVE-2017-16914 (GCVE-0-2017-16914)

Vulnerability from cvelistv5