CVE-2017-17558

Published: Dec 12, 2017Modified: May 13, 2026

6.6

Vector

CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.7 / Impact: 5.9

Source: NVD

Description

The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.

Affected (3)

Products: Linux: Linux Kernel · Suse: Linux Enterprise Server

1 product

1 product

Linux Enterprise Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Up to 4.14.5

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Suse Linux Enterprise Server	Version 11 extra
Suse Linux Enterprise Server	Version 11 sp4

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (28)

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html

Source: cve@mitre.org

Third Party Advisory

http://openwall.com/lists/oss-security/2017/12/12/7

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHSA-2018:0676

Source: cve@mitre.org

https://access.redhat.com/errata/RHSA-2018:1062

Source: cve@mitre.org

https://access.redhat.com/errata/RHSA-2019:1170

Source: cve@mitre.org

https://access.redhat.com/errata/RHSA-2019:1190

Source: cve@mitre.org

https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html

Source: cve@mitre.org

https://usn.ubuntu.com/3619-1/

Source: cve@mitre.org

https://usn.ubuntu.com/3619-2/

Source: cve@mitre.org

https://usn.ubuntu.com/3754-1/

Source: cve@mitre.org

https://www.debian.org/security/2017/dsa-4073

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2018/dsa-4082

Source: cve@mitre.org

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Source: cve@mitre.org

https://www.spinics.net/lists/linux-usb/msg163644.html

Source: cve@mitre.org

Issue TrackingPatch

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://openwall.com/lists/oss-security/2017/12/12/7

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHSA-2018:0676

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2018:1062

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2019:1170

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2019:1190

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/3619-1/

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/3619-2/

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/3754-1/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2017/dsa-4073

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2018/dsa-4082

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.spinics.net/lists/linux-usb/msg163644.html

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

Timeline

No history available yet.