7.2

CVE-2017-16538

drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version <= 4.13.11
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.4% 0.313
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.6 0.7 5.9
CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://usn.ubuntu.com/3754-1/
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
https://groups.google.com/d/msg/syzkaller/XwNidsl4X04/ti6I2IaRBAAJ
Third Party Advisory
https://patchwork.linuxtv.org/patch/44566/
Patch
Third Party Advisory
https://patchwork.linuxtv.org/patch/44567/
Patch
Third Party Advisory
https://usn.ubuntu.com/3631-1/
https://usn.ubuntu.com/3631-2/
https://www.debian.org/security/2017/dsa-4073
https://www.debian.org/security/2018/dsa-4082