CVE Vulnerabilities

CVE-2017-16532

NULL Pointer Dereference

Published: Nov 04, 2017 | Modified: Aug 24, 2018
CVSS 3.x
6.6
MEDIUM
Source:
NVD
CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
4.6 LOW
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu

The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Linux_kernel Linux * 4.13.11
Linux Ubuntu artful *
Linux Ubuntu esm-infra/xenial *
Linux Ubuntu precise/esm *
Linux Ubuntu trusty *
Linux Ubuntu trusty/esm *
Linux Ubuntu upstream *
Linux Ubuntu xenial *
Linux Ubuntu zesty *
Linux-armadaxp Ubuntu upstream *
Linux-aws Ubuntu esm-infra/xenial *
Linux-aws Ubuntu trusty *
Linux-aws Ubuntu trusty/esm *
Linux-aws Ubuntu upstream *
Linux-aws Ubuntu xenial *
Linux-azure Ubuntu esm-infra/xenial *
Linux-azure Ubuntu upstream *
Linux-azure Ubuntu xenial *
Linux-azure-edge Ubuntu upstream *
Linux-euclid Ubuntu upstream *
Linux-euclid Ubuntu xenial *
Linux-flo Ubuntu trusty *
Linux-flo Ubuntu upstream *
Linux-flo Ubuntu xenial *
Linux-gcp Ubuntu esm-infra/xenial *
Linux-gcp Ubuntu upstream *
Linux-gcp Ubuntu xenial *
Linux-gke Ubuntu upstream *
Linux-gke Ubuntu xenial *
Linux-goldfish Ubuntu trusty *
Linux-goldfish Ubuntu upstream *
Linux-goldfish Ubuntu xenial *
Linux-goldfish Ubuntu zesty *
Linux-grouper Ubuntu trusty *
Linux-grouper Ubuntu upstream *
Linux-hwe Ubuntu esm-infra/xenial *
Linux-hwe Ubuntu upstream *
Linux-hwe Ubuntu xenial *
Linux-hwe-edge Ubuntu esm-infra/xenial *
Linux-hwe-edge Ubuntu upstream *
Linux-hwe-edge Ubuntu xenial *
Linux-kvm Ubuntu esm-infra/xenial *
Linux-kvm Ubuntu upstream *
Linux-kvm Ubuntu xenial *
Linux-linaro-omap Ubuntu upstream *
Linux-linaro-shared Ubuntu upstream *
Linux-linaro-vexpress Ubuntu upstream *
Linux-lts-quantal Ubuntu precise/esm *
Linux-lts-quantal Ubuntu upstream *
Linux-lts-raring Ubuntu precise/esm *
Linux-lts-raring Ubuntu upstream *
Linux-lts-saucy Ubuntu precise/esm *
Linux-lts-saucy Ubuntu upstream *
Linux-lts-trusty Ubuntu precise/esm *
Linux-lts-trusty Ubuntu upstream *
Linux-lts-utopic Ubuntu trusty *
Linux-lts-utopic Ubuntu upstream *
Linux-lts-vivid Ubuntu trusty *
Linux-lts-vivid Ubuntu upstream *
Linux-lts-wily Ubuntu trusty *
Linux-lts-wily Ubuntu upstream *
Linux-lts-xenial Ubuntu trusty *
Linux-lts-xenial Ubuntu trusty/esm *
Linux-lts-xenial Ubuntu upstream *
Linux-maguro Ubuntu trusty *
Linux-maguro Ubuntu upstream *
Linux-mako Ubuntu trusty *
Linux-mako Ubuntu upstream *
Linux-mako Ubuntu xenial *
Linux-manta Ubuntu trusty *
Linux-manta Ubuntu upstream *
Linux-oem Ubuntu upstream *
Linux-oem Ubuntu xenial *
Linux-qcm-msm Ubuntu upstream *
Linux-raspi2 Ubuntu artful *
Linux-raspi2 Ubuntu upstream *
Linux-raspi2 Ubuntu xenial *
Linux-raspi2 Ubuntu zesty *
Linux-snapdragon Ubuntu artful *
Linux-snapdragon Ubuntu upstream *
Linux-snapdragon Ubuntu xenial *
Linux-snapdragon Ubuntu zesty *
Linux-ti-omap4 Ubuntu upstream *

Potential Mitigations

References