CVE-2017-1000363

Advisory lineage Upstream: 0 Downstream: 16

Downstream

DEBIAN-CVE-2017-1000363 DLA-1099-1 DSA-3945-1 MGASA-2017-0186 MGASA-2017-0187 MGASA-2017-0188

Modified

Published: 13 Jul 2017, 20:00

Last modified:05 Aug 2024, 22:00

Vulnerability Summary

Overall Risk (default)

medium

31/100

CVSS Score

7.8 HIGH

v3.1 (nvd)

EPSS Score

0.54% LOW

1% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

13 Jul 2017, 20:00

Published

Vulnerability first disclosed

05 Aug 2024, 22:00

Last Modified

Vulnerability information updated

Description

Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line.

CVSS Metrics

v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
v2.0•HIGH•Score: 7.2AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 0.54%• Percentile: 68%

Techniques & Countermeasures

CWE-787•Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

Affected Systems

debian•debian_linux
8.0
linux•linux_kernel
≥ 2.6.12, < 3.2.91 | ≥ 3.3, < 3.10.106 | ≥ 3.11, < 3.16.46 | ≥ 3.17, < 3.18.55 | ≥ 3.19, < 4.1.41 | ≥ 4.2, < 4.4.70 | ≥ 4.5, < 4.9.30 | ≥ 4.10, < 4.11.3 | 4.12:rc1