Description
The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report.
References (5)
Core 5
Core References
Release Notes, Vendor Advisory x_refsource_confirm
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.4
Patch, Third Party Advisory x_refsource_confirm
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1ebb71143758f45dc0fa76e2f48429e13b16d110
Patch, Third Party Advisory x_refsource_confirm
https://github.com/torvalds/linux/commit/1ebb71143758f45dc0fa76e2f48429e13b16d110
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/97190
Scores
CVSS v3
6.6
EPSS
0.0011
EPSS Percentile
29.3%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (50)
linux/linux_kernel
4.0
linux/linux_kernel
4.0.0
linux/linux_kernel
4.0.2
linux/linux_kernel
4.0.3
linux/linux_kernel
4.0.4
linux/linux_kernel
4.0.5
linux/linux_kernel
4.0.6
linux/linux_kernel
4.0.7
linux/linux_kernel
4.0.8
linux/linux_kernel
4.0.9
... and 40 more
Published
Mar 27, 2017
Tracked Since
Feb 18, 2026