1671343 – (CVE-2017-18360) CVE-2017-18360 kernel: Division by zero in change_port_settings in drivers/usb/serial/io_ti.c resulting in a denial of service

Bug 1671343 (CVE-2017-18360) - CVE-2017-18360 kernel: Division by zero in change_port_settings in drivers/usb/serial/io_ti.c resulting in a denial of service

Summary: CVE-2017-18360 kernel: Division by zero in change_port_settings in drivers/us...

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2017-18360
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1540721 1553351 1671752 1671753 1671755
Blocks:	1671344
TreeView+	depends on / blocked

Reported:	2019-01-31 13:05 UTC by Andrej Nemec
Modified:	2022-03-13 16:54 UTC (History)
CC List:	42 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A division-by-zero in set_termios(), when debugging is enabled, was found in the Linux kernel. When the [io_ti] driver is loaded, a local unprivileged attacker can request incorrect high transfer speed in the change_port_settings() in the drivers/usb/serial/io_ti.c so that the divisor value becomes zero and causes a system crash resulting in a denial of service.
Clone Of:
Environment:
Last Closed:	2020-05-20 21:18:57 UTC
Embargoed:

Attachments	(Terms of Use)

Description Andrej Nemec 2019-01-31 13:05:27 UTC

A division-by-zero in set_termios() when debugging is enabled was found in the Linux kernel. When [io_ti] driver is loaded a local unprivileged attacker can request incorrect high transfer speed in the change_port_settings() in the drivers/usb/serial/io_ti.c so that the divisor value becomes zero and causes a system crash and a denial-of-service.

References:

https://marc.info/?l=linux-usb&m=149449572020916&w=2

An upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6aeb75e6adfaed16e58780309613a578fe1ee90b

Comment 10 Product Security DevOps Team 2020-05-20 21:18:57 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2017-18360

Note You need to log in before you can comment on or make changes to this bug.

acaringi
airlied
bhu
brdeoliv
bskeggs
dhoward
dmoppert
dvlasenk
fhrbata
hdegoede
hwkernel-mgr
iboverma
ichavero
itamar
jarodwilson
jeremy
jforbes
jglisse
jkacur
john.j5live
jonathan
josef
jross
jstancek
jwboyer
kernel-maint
kernel-mgr
labbott
lgoncalv
linville
matt
mchehab
mcressma
mjg59
nmurray
plougher
rt-maint
rvrbovsk
steved
vdronov
williams
yozone