SB2017110904 - Denial of service in Linux Kernel
Published: November 9, 2017
Security Bulletin ID
SB2017110904
Severity
Low
Patch available
YES
Number of vulnerabilities
14
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 14 secuirty vulnerabilities.
1) Use-after-free error (CVE-ID: CVE-2017-16525)
The vulnerability allows a local attacker to cause DoS condition on the target system.The weakness exists due to use-after-free error in usb_serial_console_disconnect function in drivers/usb/serial/console.c. A local attacker can use a specially crafted USB device and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
2) Denial of service (CVE-ID: CVE-2017-16526)
The vulnerability allows a local attacker to cause DoS condition on the target system.The weakness exists due to a flaw in drivers/uwb/uwbd.c. A local attacker can use a specially crafted USB device and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
3) Use-after-free error (CVE-ID: CVE-2017-16527)
The vulnerability allows a local attacker to cause DoS condition on the target system.The weakness exists due to use-after-free error in sound/usb/mixer.c. A local attacker can use a specially crafted USB device and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
4) Use-after-free error (CVE-ID: CVE-2017-16528)
The vulnerability allows a local attacker to cause DoS condition on the target system.The weakness exists due to use-after-free error in the sound/core/seq_device.c. A local attacker can use a specially crafted USB device and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
5) Out-of-bounds read (CVE-ID: CVE-2017-16529)
The vulnerability allows a local attacker to cause DoS condition on the target system.The weakness exists due to out-of-bounds read in the snd_usb_create_streams function in sound/usb/card.c. A local attacker can use a specially crafted USB device and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
6) Out-of-bounds read (CVE-ID: CVE-2017-16530)
The vulnerability allows a local attacker to cause DoS condition on the target system.The weakness exists due to out-of-bounds read in the drivers/usb/storage/uas-detect.h and drivers/usb/storage/uas.c. A local attacker can use a specially crafted USB device and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
7) Out-of-bounds read (CVE-ID: CVE-2017-16531)
The vulnerability allows a local attacker to cause DoS condition on the target system.The weakness exists due to out-of-bounds read in the drivers/usb/core/config.c. A local attacker can use a specially crafted USB device and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
8) Null pointer dereference (CVE-ID: CVE-2017-16532)
The vulnerability allows a local attacker to cause DoS condition on the target system.The weakness exists due to NULL pointer dereference in the get_endpoints function in drivers/usb/misc/usbtest.c. A local attacker can use a specially crafted USB device and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
9) Out-of-bounds read (CVE-ID: CVE-2017-16533)
The vulnerability allows a local attacker to cause DoS condition on the target system.The weakness exists due to out-of-bounds read in the usbhid_parse function in drivers/hid/usbhid/hid-core.c. A local attacker can use a specially crafted USB device and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
10) Out-of-bounds read (CVE-ID: CVE-2017-16534)
The vulnerability allows a local attacker to cause DoS condition on the target system.The weakness exists due to out-of-bounds read in the cdc_parse_cdc_header function in drivers/usb/core/message.c. A local attacker can use a specially crafted USB device and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
11) Out-of-bounds read (CVE-ID: CVE-2017-16535)
The vulnerability allows a local attacker to cause DoS condition on the target system.The weakness exists due to out-of-bounds read in the usb_get_bos_descriptor function in drivers/usb/core/config.c. A local attacker can use a specially crafted USB device and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
12) Null pointer dereference (CVE-ID: CVE-2017-16536)
The vulnerability allows a local attacker to cause DoS condition on the target system.The weakness exists due to NULL pointer dereference in the cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c. A local attacker can use a specially crafted USB device and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
13) Null pointer dereference (CVE-ID: CVE-2017-16537)
The vulnerability allows a local attacker to cause DoS condition on the target system.The weakness exists due to NULL pointer dereference in the imon_probe function in drivers/media/rc/imon.c. A local attacker can use a specially crafted USB device and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
14) Denial of service (CVE-ID: CVE-2017-16538)
The vulnerability allows a local attacker to cause DoS condition on the target system.The weakness exists due to an error in the drivers/media/usb/dvb-usb-v2/lmedm04.c. A local attacker can use a specially crafted USB device and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
Remediation
Install update from vendor's website.
References
- https://github.com/torvalds/linux/commit/bd998c2e0df0469707503023d50d46cf0b10c787
- https://github.com/torvalds/linux/commit/bbf26183b7a6236ba602f4d6a2f7cade35bba043
- https://github.com/torvalds/linux/commit/124751d5e63c823092060074bd0abaae61aaa9c4
- https://github.com/torvalds/linux/commit/fc27fe7e8deef2f37cba3f2be2d52b6ca5eb9d57
- https://github.com/torvalds/linux/commit/bfc81a8bc18e3c4ba0cbaa7666ff76be2f998991
- https://github.com/torvalds/linux/commit/786de92b3cb26012d3d0f00ee37adf14527f35c4
- https://github.com/torvalds/linux/commit/bd7a3fe770ebd8391d1c7d072ff88e9e76d063eb
- https://github.com/torvalds/linux/commit/7c80f9e4a588f1925b07134bb2e3689335f6c6d8
- https://github.com/torvalds/linux/commit/2e1c42391ff2556387b3cb6308b24f6f65619feb
- https://github.com/torvalds/linux/commit/1c0edc3633b56000e18d82fc241e3995ca18a69e
- https://patchwork.kernel.org/patch/9963527/