FKIE_CVE-2017-17975

Vulnerability from fkie_nvd - Published: 2017-12-30 01:29 - Updated: 2025-04-20 01:37
Severity ?
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure.
References
cve@mitre.orghttp://linuxtesting.org/pipermail/ldv-project/2017-November/001008.htmlIssue Tracking, Third Party Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/102330Third Party Advisory, VDB Entry
cve@mitre.orghttps://usn.ubuntu.com/3653-1/
cve@mitre.orghttps://usn.ubuntu.com/3653-2/
cve@mitre.orghttps://usn.ubuntu.com/3654-1/
cve@mitre.orghttps://usn.ubuntu.com/3654-2/
cve@mitre.orghttps://usn.ubuntu.com/3656-1/
cve@mitre.orghttps://usn.ubuntu.com/3657-1/
cve@mitre.orghttps://www.debian.org/security/2018/dsa-4188
af854a3a-2127-422b-91ae-364da2661108http://linuxtesting.org/pipermail/ldv-project/2017-November/001008.htmlIssue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/102330Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3653-1/
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3653-2/
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3654-1/
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3654-2/
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3656-1/
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3657-1/
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4188
Impacted products
Vendor Product Version
linux linux_kernel *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4110B01F-9664-4CAA-8C2B-F5EECA7365FA",
              "versionEndIncluding": "4.14.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label\u0027s code attempts to both access and free this data structure."
    },
    {
      "lang": "es",
      "value": "Uso de memoria previamente liberada en la funci\u00f3n usbtv_probe en drivers/media/usb/usbtv/usbtv-core.c en el kernel de Linux hasta la versi\u00f3n 4.14.10 permite que atacantes provoquen una denegaci\u00f3n de servicio (cierre inesperado del sistema) o, posiblemente, causen otro tipo de impacto sin especificar desencadenando un error de registro de audio. Esto se debe a que un kfree de la estructura de datos usbtv ocurre durante una llamada usbtv_video_free, pero el c\u00f3digo de la etiqueta usbtv_video_fail intenta acceder y liberar esta estructura de datos."
    }
  ],
  "id": "CVE-2017-17975",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-12-30T01:29:00.877",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://linuxtesting.org/pipermail/ldv-project/2017-November/001008.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102330"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/3653-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/3653-2/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/3654-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/3654-2/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/3656-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/3657-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.debian.org/security/2018/dsa-4188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://linuxtesting.org/pipermail/ldv-project/2017-November/001008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102330"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/3653-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/3653-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/3654-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/3654-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/3656-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/3657-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2018/dsa-4188"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.