CVE-2017-7273

Description

The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report.

CVSS Metrics

• v3.0•MEDIUM•Score: 6.6CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
• v2.0•MEDIUM•Score: 4.6AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 0.11%• Percentile: 29%

Affected Systems

• linux•linux_kernel

  4.0 | 4.0.0 | 4.0.2 | 4.0.3 | 4.0.4 | 4.0.5 | 4.0.6 | 4.0.7 | 4.0.8 | 4.0.9 | 4.10 | 4.1.2 | 4.13 | 4.14 | 4.15 | 4.1.6 | 4.17 | 4.1.8 | 4.1.9 | 4.1.10 | 4.1.11 | 4.1.12 | 4.1.13 | 4.1.14 | 4.1.15 | 4.1.16 | 4.1.17 | 4.1.18 | 4.1.19 | 4.1.20 | 4.1.21 | 4.1.22 | 4.1.23 | 4.1.33 | 4.2.0 | 4.2.1 | 4.2.2 | 4.2.3 | 4.2.4 | 4.2.5 | 4.2.7 | 4.2.8 | 4.3:rc7 | 4.3.0 | 4.3.1 | 4.3.2 | 4.3.3 | 4.3.5 | 4.3.6 | 4.4:rc8 | 4.4.0 | 4.4.1 | 4.4.2 | 4.4.3 | 4.4.4 | 4.4.5 | 4.4.6 | 4.4.7 | 4.4.8 | 4.4.9 | 4.4.22 | 4.4.23 | 4.4.24 | 4.4.25 | 4.4.26 | 4.4.27 | 4.4.28 | 4.4.32 | 4.5.0 | 4.5.0:rc7 | 4.5.1 | 4.5.2 | 4.5.3 | 4.5.4 | 4.5.5 | 4.5.7 | 4.6 | 4.6.2 | 4.6.3 | 4.6.4 | 4.6.5 | 4.6.6 | 4.6.7 | 4.7 | 4.7:rc6 | 4.7.4 | 4.7.6 | 4.8 | 4.8.1 | 4.8.2 | 4.8.3 | 4.8.4 | 4.8.5 | 4.8.6 | 4.8.7 | 4.8.8 | 4.8.9 | 4.8.10 | 4.8.11 | 4.8.12 | 4.8.14 | 4.8.16 | 4.8.17 | 4.9.1 | 4.9.2 | 4.9.3 | 4.10.1 | 4.10.2 | 4.10.4

References (5)

• http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.4
• http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1ebb71143758f45dc0fa76e2f48429e13b16d110
• https://github.com/torvalds/linux/commit/1ebb71143758f45dc0fa76e2f48429e13b16d110
• http://www.securityfocus.com/bid/97190
• http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4faec4a2ef5dd481682cc155cb9ea14ba2534b76