CVE-2017-16649

MEDIUM

Linux kernel <4.13.11 - DoS

Title source: llm

Description

The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.

References (11)

[Vendor Advisory] https://usn.ubuntu.com/3619-2/

[Vendor Advisory] https://usn.ubuntu.com/3822-1/

[Vendor Advisory] https://usn.ubuntu.com/3822-2/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/101761

[Mailing List, Third Party Advisory] https://groups.google.com/d/msg/syzkaller/0e0gmaX9R0g/9Me9JcY2BQAJ

[Mailing List, Third Party Advisory] https://patchwork.ozlabs.org/patch/834771/

[Vendor Advisory] https://usn.ubuntu.com/3617-1/

[Vendor Advisory] https://usn.ubuntu.com/3617-2/

[Vendor Advisory] https://usn.ubuntu.com/3617-3/

[Vendor Advisory] https://usn.ubuntu.com/3619-1/

[Mailing List] https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html

Scores

CVSS v3 6.6

EPSS 0.0008

EPSS Percentile 23.6%

Attack Vector PHYSICAL

CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-369

Status draft

Affected Products (1)

linux/linux_kernel < 4.13.11

Timeline

Published Nov 07, 2017

Tracked Since Feb 18, 2026