Bug 1510835 (CVE-2017-16532) - CVE-2017-16532 kernel: Null pointer dereference in get_endpoints function in drivers/usb/misc/usbtest.c
Summary: CVE-2017-16532 kernel: Null pointer dereference in get_endpoints function in ...
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2017-16532
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1510854
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-11-08 10:13 UTC by Adam Mariš
Modified: 2019-09-29 14:25 UTC (History)
41 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-08 03:30:43 UTC
Embargoed:

Attachments (Terms of Use)

Description Adam Mariš 2017-11-08 10:13:49 UTC 
The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.

Upstream fix:

https://github.com/torvalds/linux/commit/7c80f9e4a588f1925b07134bb2e3689335f6c6d8

Bug report:

https://groups.google.com/forum/#!msg/syzkaller/l3870gs3LhA/y79DYQdFBAAJ
Comment 1 Adam Mariš 2017-11-08 10:27:20 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1510854]
Comment 2 Justin M. Forbes 2017-11-08 14:01:33 UTC 
Removed the fixed in version, the fix for this has not been included in upstream stable 4.13.11 or 4.13.12.
Note You need to log in before you can comment on or make changes to this bug.