CVE-2017-16535

CVSS v3.0 6.6 (Medium)

CVSS v2.0 7.2 (High)

EPSS 0.04 % (5^th)

Affected Products 1

Advisories 12

The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.

Weaknesses

CWE-125: Out-of-bounds Read

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2017-11-04 01:29:37
(6 years ago)
Updated Date: 2018-08-24 10:29:01
(6 years ago)

Affected Products

Linux

Linux Kernel

Configuration #1

		CPE23	From	Up To
	Linux Kernel 4.13.9 and prior versions	cpe:2.3:o:linux:linux_kernel		<= 4.13.9