CVE-2017-17558
MEDIUMLinux Kernel < 4.14.5 - Out-of-bounds Write in USB Core Configuration Handling
Title source: llmDescription
The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.
References (14)
Core 14
Core References
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3619-2/
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2018/dsa-4082
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3754-1/
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1062
Mailing List, Third Party Advisory x_refsource_misc
http://openwall.com/lists/oss-security/2017/12/12/7
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:0676
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2017/dsa-4073
Issue Tracking, Patch x_refsource_misc
https://www.spinics.net/lists/linux-usb/msg163644.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3619-1/
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1170
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1190
Vendor Advisory x_refsource_misc
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Scores
CVSS v3
6.6
EPSS
0.0007
EPSS Percentile
22.0%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (2)
linux/linux_kernel
< 4.14.5
suse/linux_enterprise_server
11 extra (2 CPE variants)
Published
Dec 12, 2017
Tracked Since
Feb 18, 2026