7.8

CVE-2017-18079

drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 3.2.94
LinuxLinux Kernel Version >= 3.3 < 3.16.49
LinuxLinux Kernel Version >= 3.17 < 3.18.63
LinuxLinux Kernel Version >= 3.19 < 4.1.44
LinuxLinux Kernel Version >= 4.2 < 4.4.79
LinuxLinux Kernel Version >= 4.5 < 4.9.40
LinuxLinux Kernel Version >= 4.10 < 4.12.4
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version14.04 SwEditionesm
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.42% 0.334
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://usn.ubuntu.com/3655-1/
Third Party Advisory
https://usn.ubuntu.com/3655-2/
Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=340d394a789518018f834ff70f7534fc463d3226
Patch
Third Party Advisory
Issue Tracking
http://www.securityfocus.com/bid/102895
Third Party Advisory
VDB Entry
https://github.com/torvalds/linux/commit/340d394a789518018f834ff70f7534fc463d3226
Patch
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.4
Patch
Release Notes
Issue Tracking