1. Home
  2. Vulnerabilities
  3. CVE-2017-8924

CVE-2017-8924

CVSS v3.0 4.6 (Medium)
46% Progress
CVSS v2.0 2.1 (Low)
21% Progress
EPSS 0.06 % (26th)
0.06% Progress
Affected Products 2
Advisories 14
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow.

Weaknesses
CWE-191
Integer Underflow (Wrap or Wraparound)
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2017-05-12 21:29:00
(7 years ago)
Updated Date
2019-04-16 14:28:19
(5 years ago)

Affected Products

Debian

Linux

Configuration #1

    CPE23 From Up To
  Linux Kernel 4.10.3 and prior versions cpe:2.3:o:linux:linux_kernel <= 4.10.3

Configuration #2

    CPE23 From Up To
  Debian Linux 8.0 cpe:2.3:o:debian:debian_linux:8.0
  Debian Linux 9.0 cpe:2.3:o:debian:debian_linux:9.0