CVE-2017-17558

CVSS v3.0 6.6 (Medium)
CVSS v2.0 7.2 (High)
EPSS 0.04 % (11th)
Affected Products 2
Advisories 43

The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.

Weaknesses: CWE-787 (Out-of-bounds Write)
CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2017-12-12 15:29:00 (6 years ago)
Updated Date: 2019-05-14 23:29:04 (5 years ago)

Affected Products


Configuration #1

    Product                                  CPE23                          From   Up To
    Linux Kernel 4.14.5 and prior versions   cpe:2.3:o:linux:linux_kernel          <= 4.14.5

Configuration #2

    Product                                 CPE23                                             From   Up To
    Suse Linux Enterprise Server 11 Extra   cpe:2.3:o:suse:linux_enterprise_server:11:extra
    Suse Linux Enterprise Server 11 SP4     cpe:2.3:o:suse:linux_enterprise_server:11:sp4