CVE-2017-17975 - Vulnerability Details - OpenCVE

Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://linuxtesting.org/pipermail/ldv-project/2017-November/001008.html
http://www.securityfocus.com/bid/102330
https://nvd.nist.gov/vuln/detail/CVE-2017-17975
https://usn.ubuntu.com/3653-1/
https://usn.ubuntu.com/3653-2/
https://usn.ubuntu.com/3654-1/
https://usn.ubuntu.com/3654-2/
https://usn.ubuntu.com/3656-1/
https://usn.ubuntu.com/3657-1/
https://www.cve.org/CVERecord?id=CVE-2017-17975
https://www.debian.org/security/2018/dsa-4188

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-12-30T01:00:00

Updated: 2024-08-05T21:06:49.896Z

Reserved: 2017-12-29T00:00:00

Link: CVE-2017-17975

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2017-12-30T01:29:00.877

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-17975

Redhat

Severity : Low

Publid Date: 2017-11-19T00:00:00Z

Links: CVE-2017-17975 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-12-29T00:00:00", "descriptions": [{"lang": "en", "value": "Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-23T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "102330", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102330"}, {"name": "USN-3654-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3654-1/"}, {"tags": ["x_refsource_MISC"], "url": "http://linuxtesting.org/pipermail/ldv-project/2017-November/001008.html"}, {"name": "DSA-4188", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4188"}, {"name": "USN-3653-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3653-2/"}, {"name": "USN-3654-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3654-2/"}, {"name": "USN-3656-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3656-1/"}, {"name": "USN-3653-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3653-1/"}, {"name": "USN-3657-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3657-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-17975", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "102330", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102330"}, {"name": "USN-3654-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3654-1/"}, {"name": "http://linuxtesting.org/pipermail/ldv-project/2017-November/001008.html", "refsource": "MISC", "url": "http://linuxtesting.org/pipermail/ldv-project/2017-November/001008.html"}, {"name": "DSA-4188", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4188"}, {"name": "USN-3653-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3653-2/"}, {"name": "USN-3654-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3654-2/"}, {"name": "USN-3656-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3656-1/"}, {"name": "USN-3653-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3653-1/"}, {"name": "USN-3657-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3657-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T21:06:49.896Z"}, "title": "CVE Program Container", "references": [{"name": "102330", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/102330"}, {"name": "USN-3654-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3654-1/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://linuxtesting.org/pipermail/ldv-project/2017-November/001008.html"}, {"name": "DSA-4188", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4188"}, {"name": "USN-3653-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3653-2/"}, {"name": "USN-3654-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3654-2/"}, {"name": "USN-3656-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3656-1/"}, {"name": "USN-3653-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3653-1/"}, {"name": "USN-3657-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3657-1/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-17975", "datePublished": "2017-12-30T01:00:00", "dateReserved": "2017-12-29T00:00:00", "dateUpdated": "2024-08-05T21:06:49.896Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4110B01F-9664-4CAA-8C2B-F5EECA7365FA", "versionEndIncluding": "4.14.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure."}, {"lang": "es", "value": "Uso de memoria previamente liberada en la funci\u00f3n usbtv_probe en drivers/media/usb/usbtv/usbtv-core.c en el kernel de Linux hasta la versi\u00f3n 4.14.10 permite que atacantes provoquen una denegaci\u00f3n de servicio (cierre inesperado del sistema) o, posiblemente, causen otro tipo de impacto sin especificar desencadenando un error de registro de audio. Esto se debe a que un kfree de la estructura de datos usbtv ocurre durante una llamada usbtv_video_free, pero el c\u00f3digo de la etiqueta usbtv_video_fail intenta acceder y liberar esta estructura de datos."}], "id": "CVE-2017-17975", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-30T01:29:00.877", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "http://linuxtesting.org/pipermail/ldv-project/2017-November/001008.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102330"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3653-1/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3653-2/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3654-1/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3654-2/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3656-1/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3657-1/"}, {"source": "cve@mitre.org", "url": "https://www.debian.org/security/2018/dsa-4188"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "http://linuxtesting.org/pipermail/ldv-project/2017-November/001008.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102330"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3653-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3653-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3654-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3654-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3656-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3657-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2018/dsa-4188"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c", "id": "1531142", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531142"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.5", "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "status": "draft"}, "cwe": "CWE-416", "details": ["Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure.", "A use-after-free fault in the Linux kernel's usbtv driver could allow an attacker to cause a denial of service (system crash), or have unspecified other impacts, by triggering failure of audio registration of USB hardware using the usbtv kernel module."], "name": "CVE-2017-17975", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2017-11-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-17975\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-17975"], "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7, MRG-2 and real time kernels as the code which can trigger the flaw is not present in the products listed.", "threat_severity": "Low"}