Note:
This project will be discontinued after December 13, 2021. [more]
2017-11-04
drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor.
Products | Linux_kernel |
Type | Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) |
First patch |
https://github.com/torvalds/linux/commit/bd7a3fe770ebd8391d1c7d072ff88e9e76d063eb |
Relevant file/s |
• ./drivers/usb/core/config.c (modified, +11, -3)
• ./include/uapi/linux/usb/ch9.h (modified, +1) |
Links |
• https://usn.ubuntu.com/3754-1/
• https://groups.google.com/d/msg/syzkaller/hP6L-m59m_8/Co2ouWeFAwAJ • https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html • http://www.securityfocus.com/bid/102025 |
Navigation
Patch data:
Patched area:
(on by default)
Patched area: