CVE-2017-16643 - linux linux-zen linux-lts linux-hardened
| Source |
|
| Severity | Medium |
| Remote | No |
| Type | Denial of service |
| Description | The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. The issue occurs because parse_hid_report_descriptor() has a while (i < length) loop, which only guarantees that there's at least 1 byte in the buffer, but the loop body can read multiple bytes which causes out-of-bounds access. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-570 | linux-lts | 4.9.59-1 | 4.9.60-1 | High | Fixed | |
| AVG-569 | linux-zen | 4.13.11-1 | 4.14-1 | High | Fixed | |
| AVG-568 | linux-hardened | 4.13.11-1 | 4.14-1 | High | Fixed | |
| AVG-484 | linux | 4.13.11-1 | 4.14-1 | High | Fixed |
| References |
|---|
https://groups.google.com/forum/#!topic/syzkaller/McWFcOsA47Y https://git.kernel.org/linus/a50829479f58416a013a4ccca791336af3c584c7 |