CVE Vulnerabilities

CVE-2017-16532

NULL Pointer Dereference

Published: Nov 04, 2017 | Modified: Mar 14, 2024
CVSS 3.x
6.6
MEDIUM
Source:
NVD
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Linux_kernel Linux * *
Linux_kernel Linux 3.3 *
Linux_kernel Linux 3.17 *
Linux_kernel Linux 3.19 *
Linux_kernel Linux 4.2 *
Linux_kernel Linux 4.5 *
Linux_kernel Linux 4.10 *

Potential Mitigations

References