CVE-2017-8072 : The cp2112_gpio_direction_input function in drivers/hid/hid-cp2112.c in the Linu

The cp2112_gpio_direction_input function in drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 does not have the expected EIO error status for a zero-length report, which allows local users to have an unspecified impact via unknown vectors.

Published 2017-04-23 05:59:01

Updated 2017-04-27 17:50:06

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2017-8072

Linux » Linux Kernel » Version: 4.9.5
cpe:2.3:o:linux:linux_kernel:4.9.5:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 4.9
cpe:2.3:o:linux:linux_kernel:4.9:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 4.9.1
cpe:2.3:o:linux:linux_kernel:4.9.1:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 4.9.2
cpe:2.3:o:linux:linux_kernel:4.9.2:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 4.9.3
cpe:2.3:o:linux:linux_kernel:4.9.3:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 4.9.4
cpe:2.3:o:linux:linux_kernel:4.9.4:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 4.9.6
cpe:2.3:o:linux:linux_kernel:4.9.6:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 4.9.8
cpe:2.3:o:linux:linux_kernel:4.9.8:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2017-8072

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 10 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-8072

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-8072

CWE-388

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-8072

http://www.securityfocus.com/bid/98010

Linux Kernel 'drivers/hid/hid-cp2112.c' Local Denial of Service Vulnerability
Third Party Advisory;VDB Entry
http://www.openwall.com/lists/oss-security/2017/04/16/4

oss-security - Silently (or obliviously) partially-fixed CONFIG_STRICT_DEVMEM bypass
Mailing List;Patch;Third Party Advisory

CVEs referencing this url
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8e9faa15469ed7c7467423db4c62aeed3ff4cae3

kernel/git/torvalds/linux.git - Linux kernel source tree
Patch
https://github.com/torvalds/linux/commit/8e9faa15469ed7c7467423db4c62aeed3ff4cae3

HID: cp2112: fix gpio-callback error handling · torvalds/linux@8e9faa1 · GitHub
Patch
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.9

Vendor Advisory;Release Notes

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2017-8072

Products affected by CVE-2017-8072

Exploit prediction scoring system (EPSS) score for CVE-2017-8072

CVSS scores for CVE-2017-8072

CWE ids for CVE-2017-8072

References for CVE-2017-8072