CVE-2017-16525Use After Free in Kernel

CWE-416Use After Free18 documents8 sources
Severity
6.6MEDIUMNVD
OSV7.8OSV7.0
EPSS
0.1%
top 71.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Linux KernelDebian LinuxCanonical Ubuntu Linux+2 more
Timeline
PublishedNov 4
Latest updateMay 14

Description

The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 0.7 | Impact: 5.9

Affected Packages5 packages

NVDlinux/linux_kernel2.6.183.2.96+7
Debianlinux/linux_kernel< 4.13.10-1+3
Ubuntulinux/linux_kernel< 3.13.0-142.191+1
debiandebian/linux< linux 4.13.10-1 (bookworm)

Also affects: Debian Linux 7.0, Ubuntu Linux 12.04, 14.04

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

6
GHSA
GHSA-5cfc-cp57-xp2m: The usb_serial_console_disconnect function in drivers/usb/serial/console2022-05-14
OSV
linux vulnerabilities2018-02-23
OSV
linux-aws vulnerabilities2017-11-21
OSV
linux-lts-xenial vulnerabilities2017-11-21
OSV
linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities2017-11-21

📋Vendor Advisories

9
Android
CVE-2017-16525: USB driver2018-03-01
Ubuntu
Linux kernel vulnerabilities2018-02-23
Ubuntu
Linux kernel (Trusty HWE) vulnerabilities2018-02-23
Ubuntu
Linux kernel vulnerabilities2017-11-21
Ubuntu
Linux kernel (AWS) vulnerabilities2017-11-21

💬Community

2
Bugzilla
CVE-2017-16525 CVE-2017-16526 CVE-2017-16527 CVE-2017-16528 CVE-2017-16529 CVE-2017-16530 CVE-2017-16531 CVE-2017-16532 CVE-2017-16533 CVE-2017-16534 CVE-2017-16535 CVE-2017-16536 CVE-2017-16537 CVE-22017-11-08
Bugzilla
CVE-2017-16525 kernel: Use-after-free in usb_serial_console_disconnect()2017-11-08