CVE-2017-16535 - Vulnerability Details - OpenCVE

ReportizFlow

The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.

No CVSS v4.0

No CVSS v3.1

Attack Vector Physical

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/102022
https://github.com/torvalds/linux/commit/1c0edc3633b56000e18d82fc241e3995ca18a69e
https://groups.google.com/d/msg/syzkaller/tzdz2fTB1K0/OvjIgLSTAgAJ
https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
https://nvd.nist.gov/vuln/detail/CVE-2017-16535
https://usn.ubuntu.com/3754-1/
https://www.cve.org/CVERecord?id=CVE-2017-16535

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-11-04T01:00:00.000Z

Updated: 2024-08-05T20:27:03.419Z

Reserved: 2017-11-03T00:00:00.000Z

Link: CVE-2017-16535

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-11-04T01:29:37.147

Modified: 2026-05-13T00:24:29.033

Link: CVE-2017-16535

Redhat

Severity : Low

Publid Date: 2017-10-18T00:00:00Z

Links: CVE-2017-16535 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-11-03T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-08-24T09:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "102022", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102022"}, {"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"}, {"tags": ["x_refsource_MISC"], "url": "https://groups.google.com/d/msg/syzkaller/tzdz2fTB1K0/OvjIgLSTAgAJ"}, {"name": "USN-3754-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3754-1/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/torvalds/linux/commit/1c0edc3633b56000e18d82fc241e3995ca18a69e"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2017-16535", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "102022", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102022"}, {"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"}, {"name": "https://groups.google.com/d/msg/syzkaller/tzdz2fTB1K0/OvjIgLSTAgAJ", "refsource": "MISC", "url": "https://groups.google.com/d/msg/syzkaller/tzdz2fTB1K0/OvjIgLSTAgAJ"}, {"name": "USN-3754-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3754-1/"}, {"name": "https://github.com/torvalds/linux/commit/1c0edc3633b56000e18d82fc241e3995ca18a69e", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/1c0edc3633b56000e18d82fc241e3995ca18a69e"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:27:03.419Z"}, "title": "CVE Program Container", "references": [{"name": "102022", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/102022"}, {"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://groups.google.com/d/msg/syzkaller/tzdz2fTB1K0/OvjIgLSTAgAJ"}, {"name": "USN-3754-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3754-1/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/1c0edc3633b56000e18d82fc241e3995ca18a69e"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-16535", "datePublished": "2017-11-04T01:00:00.000Z", "dateReserved": "2017-11-03T00:00:00.000Z", "dateUpdated": "2024-08-05T20:27:03.419Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3259E528-10D8-4E5E-99CE-AE8E7A8AC898", "versionEndIncluding": "4.13.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device."}, {"lang": "es", "value": "La funci\u00f3n usb_get_bos_descriptor en drivers/usb/core/config.c en el kernel de Linux, en versiones anteriores a la 4.13.10, permite que los usuarios locales provoquen una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites y cierre inesperado del sistema) o, posiblemente, causen otros impactos no especificados mediante llamadas del sistema manipuladas."}], "id": "CVE-2017-16535", "lastModified": "2026-05-13T00:24:29.033", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.7, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2017-11-04T01:29:37.147", "references": [{"source": "[email protected]", "url": "http://www.securityfocus.com/bid/102022"}, {"source": "[email protected]", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/1c0edc3633b56000e18d82fc241e3995ca18a69e"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://groups.google.com/d/msg/syzkaller/tzdz2fTB1K0/OvjIgLSTAgAJ"}, {"source": "[email protected]", "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"}, {"source": "[email protected]", "url": "https://usn.ubuntu.com/3754-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/102022"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/1c0edc3633b56000e18d82fc241e3995ca18a69e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://groups.google.com/d/msg/syzkaller/tzdz2fTB1K0/OvjIgLSTAgAJ"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3754-1/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: out-of-bounds read in usb_get_bos_descriptor function in drivers/usb/core/config.c", "id": "1510823", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1510823"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.6", "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.", "The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel can allow a local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device."], "name": "CVE-2017-16535", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Will not fix", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2017-10-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-16535\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-16535"], "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, as a code with the flaw is not present in this product.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Low"}