DEBIAN-CVE-2017-17558

Advisory lineage Upstream: 1 Downstream: 3

Upstream

CVE-2017-17558

Downstream

DLA-1232-1 DSA-4073-1 DSA-4082-1

Published: 12 Dec 2017, 15:29

Last modified:28 Apr 2026, 20:17

Vulnerability Summary

Overall Risk (default)

medium

26/100

CVSS Score

6.6 MEDIUM

3.0 (osv_debian)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

12 Dec 2017, 15:29

Published

Vulnerability first disclosed

28 Apr 2026, 20:17

Last Modified

Vulnerability information updated

Description

The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.

CVSS Metrics

v3.0•MEDIUM•Score: 6.6CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Systems

debian•linux
< 4.14.7-1 | < 4.14.7-1 | < 4.14.7-1 | < 4.14.7-1

References (1)

https://security-tracker.debian.org/tracker/CVE-2017-17558