CVE-2017-16646 : drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11

drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device.

Published 2017-11-07 23:29:00

Updated 2018-04-07 01:29:04

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2017-16646

Linux » Linux Kernel
Versions up to, including, (<=) 4.13.11
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2017-16646

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 10 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-16646

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
6.6	MEDIUM	CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	0.7	5.9	NIST
Attack Vector: Physical Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-16646

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-16646

http://www.securityfocus.com/bid/101846

Linux Kernel 'drivers/media/usb/dvb-usb/dib0700_devices.c' Local Denial of Service Vulnerability
Third Party Advisory;VDB Entry
https://usn.ubuntu.com/3617-2/

USN-3617-2: Linux (HWE) vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://patchwork.linuxtv.org/patch/45291/

media: dib0700: fix invalid dvb_detach argument - Patchwork
Mailing List;Third Party Advisory
https://usn.ubuntu.com/3617-1/

USN-3617-1: Linux kernel vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://groups.google.com/d/msg/syzkaller/-d6ilzbVu_g/OBy8_62mAwAJ

usb/media/dib0700: BUG in stk7070p_frontend_attach/symbol_put_addr - Google Groepen
Mailing List;Third Party Advisory
https://usn.ubuntu.com/3619-1/

USN-3619-1: Linux kernel vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://usn.ubuntu.com/3619-2/

USN-3619-2: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://usn.ubuntu.com/3617-3/

USN-3617-3: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu security notices

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2017-16646

Products affected by CVE-2017-16646

Exploit prediction scoring system (EPSS) score for CVE-2017-16646

CVSS scores for CVE-2017-16646

CWE ids for CVE-2017-16646

References for CVE-2017-16646