CVE-2017-5549

The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log.

Weakness

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

Affected Software

Name	Vendor	Start Version	End Version
Linux_kernel	Linux	*	4.9.4 (including)
Linux	Ubuntu	precise	*
Linux	Ubuntu	precise/esm	*
Linux	Ubuntu	trusty	*
Linux	Ubuntu	upstream	*
Linux	Ubuntu	vivid/ubuntu-core	*
Linux	Ubuntu	xenial	*
Linux	Ubuntu	yakkety	*
Linux-armadaxp	Ubuntu	precise	*
Linux-armadaxp	Ubuntu	upstream	*
Linux-aws	Ubuntu	upstream	*
Linux-aws	Ubuntu	xenial	*
Linux-aws-5.15	Ubuntu	upstream	*
Linux-aws-5.4	Ubuntu	upstream	*
Linux-aws-fips	Ubuntu	trusty	*
Linux-aws-fips	Ubuntu	upstream	*
Linux-aws-fips	Ubuntu	xenial	*
Linux-aws-hwe	Ubuntu	upstream	*
Linux-azure	Ubuntu	upstream	*
Linux-azure-4.15	Ubuntu	upstream	*
Linux-azure-5.15	Ubuntu	upstream	*
Linux-azure-5.4	Ubuntu	upstream	*
Linux-azure-edge	Ubuntu	upstream	*
Linux-azure-fde	Ubuntu	focal	*
Linux-azure-fde	Ubuntu	upstream	*
Linux-azure-fde-5.15	Ubuntu	upstream	*
Linux-azure-fips	Ubuntu	trusty	*
Linux-azure-fips	Ubuntu	upstream	*
Linux-azure-fips	Ubuntu	xenial	*
Linux-bluefield	Ubuntu	upstream	*
Linux-euclid	Ubuntu	upstream	*
Linux-euclid	Ubuntu	xenial	*
Linux-fips	Ubuntu	upstream	*
Linux-flo	Ubuntu	trusty	*
Linux-flo	Ubuntu	upstream	*
Linux-flo	Ubuntu	vivid/stable-phone-overlay	*
Linux-flo	Ubuntu	xenial	*
Linux-flo	Ubuntu	yakkety	*
Linux-gcp	Ubuntu	upstream	*
Linux-gcp-4.15	Ubuntu	upstream	*
Linux-gcp-5.15	Ubuntu	upstream	*
Linux-gcp-5.4	Ubuntu	upstream	*
Linux-gcp-fips	Ubuntu	trusty	*
Linux-gcp-fips	Ubuntu	upstream	*
Linux-gcp-fips	Ubuntu	xenial	*
Linux-gke	Ubuntu	focal	*
Linux-gke	Ubuntu	upstream	*
Linux-gkeop	Ubuntu	upstream	*
Linux-gkeop-5.15	Ubuntu	upstream	*
Linux-goldfish	Ubuntu	trusty	*
Linux-goldfish	Ubuntu	upstream	*
Linux-goldfish	Ubuntu	xenial	*
Linux-goldfish	Ubuntu	yakkety	*
Linux-goldfish	Ubuntu	zesty	*
Linux-grouper	Ubuntu	trusty	*
Linux-grouper	Ubuntu	upstream	*
Linux-hwe	Ubuntu	upstream	*
Linux-hwe	Ubuntu	xenial	*
Linux-hwe-5.15	Ubuntu	upstream	*
Linux-hwe-5.4	Ubuntu	upstream	*
Linux-hwe-6.8	Ubuntu	upstream	*
Linux-hwe-edge	Ubuntu	upstream	*
Linux-hwe-edge	Ubuntu	xenial	*
Linux-ibm	Ubuntu	upstream	*
Linux-ibm-5.15	Ubuntu	upstream	*
Linux-ibm-5.4	Ubuntu	upstream	*
Linux-intel	Ubuntu	upstream	*
Linux-intel-iot-realtime	Ubuntu	upstream	*
Linux-intel-iotg	Ubuntu	upstream	*
Linux-intel-iotg-5.15	Ubuntu	upstream	*
Linux-iot	Ubuntu	upstream	*
Linux-kvm	Ubuntu	upstream	*
Linux-linaro-omap	Ubuntu	precise	*
Linux-linaro-omap	Ubuntu	upstream	*
Linux-linaro-shared	Ubuntu	precise	*
Linux-linaro-shared	Ubuntu	upstream	*
Linux-linaro-vexpress	Ubuntu	precise	*
Linux-linaro-vexpress	Ubuntu	upstream	*
Linux-lowlatency	Ubuntu	upstream	*
Linux-lowlatency-hwe-5.15	Ubuntu	upstream	*
Linux-lowlatency-hwe-6.8	Ubuntu	upstream	*
Linux-lts-quantal	Ubuntu	precise	*
Linux-lts-quantal	Ubuntu	precise/esm	*
Linux-lts-quantal	Ubuntu	upstream	*
Linux-lts-raring	Ubuntu	precise	*
Linux-lts-raring	Ubuntu	precise/esm	*
Linux-lts-raring	Ubuntu	upstream	*
Linux-lts-saucy	Ubuntu	precise	*
Linux-lts-saucy	Ubuntu	precise/esm	*
Linux-lts-saucy	Ubuntu	upstream	*
Linux-lts-trusty	Ubuntu	precise	*
Linux-lts-trusty	Ubuntu	precise/esm	*
Linux-lts-trusty	Ubuntu	upstream	*
Linux-lts-utopic	Ubuntu	trusty	*
Linux-lts-utopic	Ubuntu	upstream	*
Linux-lts-vivid	Ubuntu	trusty	*
Linux-lts-vivid	Ubuntu	trusty/esm	*
Linux-lts-vivid	Ubuntu	upstream	*
Linux-lts-wily	Ubuntu	trusty	*
Linux-lts-wily	Ubuntu	upstream	*
Linux-lts-xenial	Ubuntu	trusty	*
Linux-lts-xenial	Ubuntu	upstream	*
Linux-maguro	Ubuntu	trusty	*
Linux-maguro	Ubuntu	upstream	*
Linux-mako	Ubuntu	trusty	*
Linux-mako	Ubuntu	upstream	*
Linux-mako	Ubuntu	vivid/stable-phone-overlay	*
Linux-mako	Ubuntu	xenial	*
Linux-mako	Ubuntu	yakkety	*
Linux-manta	Ubuntu	trusty	*
Linux-manta	Ubuntu	upstream	*
Linux-nvidia	Ubuntu	upstream	*
Linux-nvidia-6.5	Ubuntu	upstream	*
Linux-nvidia-6.8	Ubuntu	upstream	*
Linux-nvidia-lowlatency	Ubuntu	upstream	*
Linux-oem	Ubuntu	upstream	*
Linux-oem-6.8	Ubuntu	upstream	*
Linux-oracle	Ubuntu	upstream	*
Linux-oracle-5.15	Ubuntu	upstream	*
Linux-oracle-5.4	Ubuntu	upstream	*
Linux-qcm-msm	Ubuntu	precise	*
Linux-qcm-msm	Ubuntu	upstream	*
Linux-raspi	Ubuntu	upstream	*
Linux-raspi-5.4	Ubuntu	upstream	*
Linux-raspi-realtime	Ubuntu	upstream	*
Linux-raspi2	Ubuntu	focal	*
Linux-raspi2	Ubuntu	upstream	*
Linux-raspi2	Ubuntu	vivid/ubuntu-core	*
Linux-raspi2	Ubuntu	xenial	*
Linux-raspi2	Ubuntu	yakkety	*
Linux-realtime	Ubuntu	jammy	*
Linux-realtime	Ubuntu	upstream	*
Linux-riscv	Ubuntu	focal	*
Linux-riscv	Ubuntu	jammy	*
Linux-riscv	Ubuntu	upstream	*
Linux-riscv-5.15	Ubuntu	upstream	*
Linux-riscv-6.8	Ubuntu	upstream	*
Linux-snapdragon	Ubuntu	upstream	*
Linux-snapdragon	Ubuntu	xenial	*
Linux-snapdragon	Ubuntu	yakkety	*
Linux-ti-omap4	Ubuntu	precise	*
Linux-ti-omap4	Ubuntu	upstream	*
Linux-xilinx-zynqmp	Ubuntu	upstream	*

Extended Description

While logging all information may be helpful during development stages, it is important that logging levels be set appropriately before a product ships so that sensitive user data and system information are not accidentally exposed to potential attackers. Different log files may be produced and stored for:

Potential Mitigations

https://cwe.mitre.org/data/definitions/215.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-5549
CWE	https://cwe.mitre.org/data/definitions/532.html

Insertion of Sensitive Information into Log File

Weakness

Affected Software

Extended Description

Potential Mitigations

References

CVE-2017-5549

Insertion of Sensitive Information into Log File

Weakness

Affected Software

Extended Description

Potential Mitigations

Related Attack Patterns

References