CVE-2017-16650

MEDIUM

Linux kernel <4.13.11 - DoS

Title source: llm

Description

The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.

References (9)

[Vendor Advisory] https://usn.ubuntu.com/3617-1/

[Vendor Advisory] https://usn.ubuntu.com/3617-2/

[Vendor Advisory] https://usn.ubuntu.com/3617-3/

[Vendor Advisory] https://usn.ubuntu.com/3619-1/

[Vendor Advisory] https://usn.ubuntu.com/3619-2/

[Vendor Advisory] https://usn.ubuntu.com/3754-1/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/101791

[Mailing List, Third Party Advisory] https://groups.google.com/d/msg/syzkaller/0e0gmaX9R0g/9Me9JcY2BQAJ

[Mailing List, Third Party Advisory] https://patchwork.ozlabs.org/patch/834770/

Scores

CVSS v3 6.6

EPSS 0.0008

EPSS Percentile 23.2%

Attack Vector PHYSICAL

CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-369

Status draft

Affected Products (1)

linux/linux_kernel < 4.13.11

Timeline

Published Nov 07, 2017

Tracked Since Feb 18, 2026