DEBIAN-CVE-2017-17558

DEBIAN-CVE-2017-17558 PUBLISHED CVSS 6.599999904632568 MEDIUM

The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.

Risk Scores

CVSS v3.0

6.599999904632568

CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:14	linux	0, 0, 0
Debian:12	linux	0, 0, 0
Debian:11	linux	0, 0, 0
Debian:13	linux	0, 0, 0

Timeline

Dec 12, 2017 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2017-17558 advisory

Open in Interactive Console →