7.8

CVE-2017-8072

The cp2112_gpio_direction_input function in drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 does not have the expected EIO error status for a zero-length report, which allows local users to have an unspecified impact via unknown vectors.

Data is provided by the National Vulnerability Database (NVD)
LinuxLinux Kernel Version4.9
LinuxLinux Kernel Version4.9.1
LinuxLinux Kernel Version4.9.2
LinuxLinux Kernel Version4.9.3
LinuxLinux Kernel Version4.9.4
LinuxLinux Kernel Version4.9.5
LinuxLinux Kernel Version4.9.6
LinuxLinux Kernel Version4.9.8
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.1% 0.285
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C