CVE-2017-1000363
CVSS v3.1
7.8 (High)
CVSS v2.0
7.2 (High)
EPSS
0.04 % (13th)
Affected Products
2
Advisories
16
Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line.
- CVE Status
- PUBLISHED
- CNA
- MITRE
- Published Date
-
2017-07-17 13:18:18
(7 years ago) - Updated Date
-
2023-01-17 21:03:53
(20 months ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...