CVE-2017-16534

CVE-2017-16534

Name

CVE-2017-16534

Description

The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Mailing List	http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
Issue Tracking	https://github.com/torvalds/linux/commit/2e1c42391ff2556387b3cb6308b24f6f65619feb
Issue Tracking	https://groups.google.com/d/msg/syzkaller/nXnjqI73uPo/6sUyq6kqAgAJ

Type

URI

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html

Issue Tracking

https://github.com/torvalds/linux/commit/2e1c42391ff2556387b3cb6308b24f6f65619feb

Issue Tracking

https://groups.google.com/d/msg/syzkaller/nXnjqI73uPo/6sUyq6kqAgAJ

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:o:linux:linux_kernel::::::::`	linux_kernel	>= 4.4	< 4.4.92
`cpe:2.3:o:linux:linux_kernel::::::::`	linux_kernel	>= 4.5	< 4.9.55
`cpe:2.3:o:linux:linux_kernel::::::::`	linux_kernel	>= 4.10	< 4.13.6

CPE URI

Source package

Min version

Max version

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

linux_kernel

>= 4.4

< 4.4.92

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

linux_kernel

>= 4.5

< 4.9.55

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

linux_kernel

>= 4.10

< 4.13.6

References

Match rules

Vulnerable and fixed packages