CVE-2017-17558 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	No
Type	Denial of service
Description	The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel before 4.14.8, 4.9.71, 4.4.107, 3.18.89, 3.16.52 and 3.2.97 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-574	linux-hardened	4.14.7.a-1	4.14.11.a-1	High	Fixed	FS#56832
AVG-571	linux-zen	4.14.7-1	4.14.11-1	High	Fixed	FS#56832
AVG-561	linux-lts	4.9.68-1	4.9.74-1	High	Fixed
AVG-552	linux	4.14.7-1	4.14.11-1	High	Fixed	FS#56832

Date	Advisory	Group	Package	Severity	Type
05 Jan 2018	ASA-201801-4	AVG-574	linux-hardened	High	multiple issues
05 Jan 2018	ASA-201801-3	AVG-571	linux-zen	High	multiple issues
05 Jan 2018	ASA-201801-2	AVG-561	linux-lts	High	multiple issues
05 Jan 2018	ASA-201801-1	AVG-552	linux	High	multiple issues

References
https://github.com/google/syzkaller/blob/master/docs/linux/found_bugs_usb.md https://git.kernel.org/linus/48a4ff1c7bb5a32d2e396b03132d20d552c0eca7 http://openwall.com/lists/oss-security/2017/12/12/7