CVE-2017-16528

CVSS v3.1 6.6 (Medium)

CVSS v2.0 7.2 (High)

EPSS 0.04 % (5^th)

Affected Products 2

Advisories 6

sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.

Weaknesses

CWE-416: Use After Free

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2017-11-04 01:29:36
(6 years ago)
Updated Date: 2024-03-14 19:58:15
(6 months ago)

Affected Products

Canonical

Ubuntu Linux

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel from 3.19 version and prior 4.1.47 version	cpe:2.3:o:linux:linux_kernel	>= 3.19	< 4.1.47
Linux Kernel from 4.2 version and prior 4.4.99 version	cpe:2.3:o:linux:linux_kernel	>= 4.2	< 4.4.99
Linux Kernel from 4.5 version and prior 4.9.63 version	cpe:2.3:o:linux:linux_kernel	>= 4.5	< 4.9.63
Linux Kernel from 4.10 version and prior 4.13.4 version	cpe:2.3:o:linux:linux_kernel	>= 4.10	< 4.13.4

Configuration #2

		CPE23	From	Up To
	Canonical Ubuntu Linux 14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04:::*:esm
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:esm