CVE-2017-16912
PUBLISHED
The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet.
Risk Scores
EPSS Score: 8.62% (92.6th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:22.04:LTS | linux-realtime | 5.15.0-1032.35, 0 |
| Ubuntu:14.04:LTS | linux | 3.13.0-43.72, 3.11.0-12.19, 3.12.0-1.3 |
| Ubuntu:24.04:LTS | linux-raspi-realtime | 0, 6.8.0-2019.20 |
| Ubuntu:16.04:LTS | linux | 4.4.0-81.104, 4.4.0-78.99, 4.4.0-77.98 |
| Ubuntu:20.04:LTS | linux-gke | 5.4.0-1100.107, 5.4.0-1096.103, 5.4.0-1094.101 |
| Ubuntu:14.04:LTS | linux-lts-xenial | 4.4.0-64.85~14.04.1, 4.4.0-62.83~14.04.1, 4.4.0-59.80~14.04.1 |
| Ubuntu:16.04:LTS | linux-gcp | 0, 4.10.0-1004.4, 4.10.0-1006.6 |
| Ubuntu:20.04:LTS | linux-azure-fde | 5.4.0-1086.91+cvm1.1, 0, 5.4.0-1063.66+cvm3.2 |
| Ubuntu:20.04:LTS | linux-riscv | 5.4.0-24.28, 5.4.0-33.37, 5.4.0-40.45 |
| Ubuntu:Pro:FIPS:16.04:LTS | linux-fips | 4.4.0-1003.3, 4.4.0-1005.5, 0 |
| Ubuntu:22.04:LTS | linux-intel-iot-realtime | 0, 5.15.0-1073.75 |
| Ubuntu:24.04:LTS | linux-gcp-6.11 | 6.11.0-1006.6~24.04.2, *, * |
| Ubuntu:24.04:LTS | linux-azure-6.11 | 6.11.0-1018.18~24.04.1, 0, 6.11.0-1012.12~24.04.1 |
| Ubuntu:14.04:LTS | linux-aws | 4.4.0-1003.3, 4.4.0-1014.14, 4.4.0-1002.2 |
| Ubuntu:24.04:LTS | linux-lowlatency-hwe-6.11 | *, 0, 6.11.0-1009.10~24.04.1 |
| Ubuntu:16.04:LTS | linux-raspi2 | 4.4.0-1023.29, 4.4.0-1021.27, 4.4.0-1017.23 |
| Ubuntu:20.04:LTS | linux-raspi2 | 5.3.0-1015.17, 5.3.0-1017.19, 5.3.0-1007.8 |
| Ubuntu:24.04:LTS | linux-hwe-6.11 | *, *, * |
| Ubuntu:16.04:LTS | linux-kvm | 4.4.0-1017.22, 4.4.0-1019.24, 4.4.0-1009.14 |
| Ubuntu:Pro:20.04:LTS | linux-azure-fde-5.15 | 5.15.0-1040.47~20.04.1.1, 5.15.0-1041.48~20.04.1.1, 5.15.0-1042.49~20.04.1.1 |
…and 5 more
Exploit Intelligence
- jedai47/CVE-2017-16994 (github-poc)
Timeline
- Jan 31, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-16912 third-party-advisory
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8 third-party-advisory
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114 third-party-advisory
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71 third-party-advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=635f545a7e8be7596b9b2b6a43cab6bbd5a88e43 third-party-advisory
- https://secuniaresearch.flexerasoftware.com/advisories/77000/ third-party-advisory
- https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/ third-party-advisory
- https://www.spinics.net/lists/linux-usb/msg163480.html third-party-advisory
- https://ubuntu.com/security/notices/USN-3619-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-3619-2 vendor-advisory
- https://ubuntu.com/security/notices/USN-3754-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-16912 third-party-advisory