Vulnerability Details : CVE-2017-9985
The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.
Vulnerability category: Denial of service
Threat overview for CVE-2017-9985
Top countries where our scanners detected CVE-2017-9985
Top open port discovered on systems with this issue 49152
IPs affected by CVE-2017-9985 18,271
Threat actors abusing to this issue? Yes
Find out if you* are affected by CVE-2017-9985!
*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2017-9985
Probability of exploitation activity in the next 30 days: 0.04%
CVSS scores for CVE-2017-9985
|Base Score||Base Severity||CVSS Vector||Exploitability Score||Impact Score||Source|
CWE ids for CVE-2017-9985
The product reads data past the end, or before the beginning, of the intended buffer.Assigned by: firstname.lastname@example.org (Primary)
References for CVE-2017-9985
USN-3754-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
ALSA: msnd: Optimize / harden DSP and MIDI loops · torvalds/linux@20e2b79 · GitHubThird Party Advisory
196133 – Double fetch problem in Linux-4.10.1/sound/isa/msnd/msnd_midi.cIssue Tracking
kernel/git/torvalds/linux.git - Linux kernel source treeVendor Advisory
Linux kernel CVE-2017-9985 Local Denial of Service VulnerabilityThird Party Advisory;VDB Entry
Products affected by CVE-2017-9985