CVE-2017-13168 — Incorrect Permission Assignment in INC Android

CWE-732 — Incorrect Permission Assignment CWE-125 — Out-of-bounds Read20 documents8 sources

Severity

7.8HIGHNVD

OSV5.5

EPSS

0.2%

top 61.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Google INC Android Canonical Ubuntu Linux

Timeline

PublishedDec 6

Latest updateMay 13

Description

An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5google_inc/androidAndroid kernel

▶Debianlinux/linux_kernel< 4.17.6-1+3

▶Ubuntulinux/linux_kernel< 3.13.0-162.212+2

Also affects: Ubuntu Linux 12.04, 14.04, 16.04, 18.04

🔴Vulnerability Details

GHSA

GHSA-94xj-6h93-9hj5: An elevation of privilege vulnerability in the kernel scsi driver↗2022-05-13

▶

OSV

linux-azure vulnerabilities↗2018-11-14

▶

OSV

linux vulnerabilities↗2018-11-14

▶

OSV

linux-hwe, linux-azure, linux-gcp vulnerabilities↗2018-11-14

▶

OSV

linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities↗2018-11-14

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Trusty HWE) vulnerabilities↗2018-11-14

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2018-11-14

▶

Ubuntu

Linux kernel vulnerabilities↗2018-11-14

▶

Ubuntu

Linux kernel vulnerabilities↗2018-11-14

▶

Ubuntu

Linux kernel (HWE) vulnerabilities↗2018-11-14

▶

💬Community

Bugzilla

CVE-2017-13168 kernel: scsi: sg driver can improperly access userspace memory↗2018-12-13

▶