CVE-2017-17975

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 30-12-2017 02:29

Last modified: - 26-10-2022 01:44

Total changes: - 3

Description

Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure.

Common Vulnerability Scoring System (CVSS)

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Low

Attack complexity

Local

Attack vector

High

Availability

None

Confidentiality

None

Integrity

Low

Privileges required

Unchanged

Scope

None

User interaction

5.5

Base score

1.8

3.6

Exploitability score

Impact score

Verification logic

Reference

http://linuxtesting.org/pipermail/ldv-project/2017-November/001008.html
102330-Third Party Advisory, VDB Entry
DSA-4188-
USN-3654-2-
USN-3654-1-
USN-3653-2-
USN-3653-1-
USN-3657-1-
USN-3656-1-

Keywords

CVE-2017-17975

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2017-17975

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures