admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-12 02:05:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

pushing flexera requests.

Browse Source
This commit is contained in:
CVE Team 2018-01-31 16:04:33 -05:00
parent be26edcf43
commit bf041bfcce
No known key found for this signature in database
GPG Key ID: 3504EC0FB4B2FE56
4 changed files with 256 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
2017/16xxx/CVE-2017-16911.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "PSIRT-CNA@flexerasoftware.com",
"DATE_PUBLIC" : "2018-01-31T00:00:00",
"ID" : "CVE-2017-16911",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Linux Kernel",
"version" : {
"version_data" : [
{
"version_value" : "Before version 4.14.8 and 4.4.114"
}
]
}
}
]
},
"vendor_name" : "Flexera Software LLC"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,41 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Kernel memory address disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-20/"
},
{
"url" : "https://secuniaresearch.flexerasoftware.com/advisories/80454/"
},
{
"url" : "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=2f2d0088eb93db5c649d2a5e34a3800a8a935fc5"
},
{
"url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114"
},
{
"url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
},
{
"url" : "https://www.spinics.net/lists/linux-usb/msg163480.html"
}
]
}

67
2017/16xxx/CVE-2017-16912.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "PSIRT-CNA@flexerasoftware.com",
"DATE_PUBLIC" : "2018-01-31T00:00:00",
"ID" : "CVE-2017-16912",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Linux Kernel",
"version" : {
"version_data" : [
{
"version_value" : "Before version 4.14.8, 4.9.71, and 4.4.114"
}
]
}
}
]
},
"vendor_name" : "Flexera Software LLC"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,44 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The \"get_pipe()\" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of service (out-of-bounds read)"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/"
},
{
"url" : "https://secuniaresearch.flexerasoftware.com/advisories/77000/"
},
{
"url" : "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=635f545a7e8be7596b9b2b6a43cab6bbd5a88e43"
},
{
"url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114"
},
{
"url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71"
},
{
"url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
},
{
"url" : "https://www.spinics.net/lists/linux-usb/msg163480.html"
}
]
}

67
2017/16xxx/CVE-2017-16913.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "PSIRT-CNA@flexerasoftware.com",
"DATE_PUBLIC" : "2018-01-31T00:00:00",
"ID" : "CVE-2017-16913",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Linux Kernel",
"version" : {
"version_data" : [
{
"version_value" : "Before version 4.14.8, 4.9.71, and 4.4.114"
}
]
}
}
]
},
"vendor_name" : "Flexera Software LLC"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,44 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The \"stub_recv_cmd_submit()\" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of service (arbitrary memory allocation)"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/"
},
{
"url" : "https://secuniaresearch.flexerasoftware.com/advisories/80601/"
},
{
"url" : "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=c6688ef9f29762e65bce325ef4acd6c675806366"
},
{
"url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114"
},
{
"url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71"
},
{
"url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
},
{
"url" : "https://www.spinics.net/lists/linux-usb/msg163480.html"
}
]
}

70
2017/16xxx/CVE-2017-16914.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "PSIRT-CNA@flexerasoftware.com",
"DATE_PUBLIC" : "2018-01-31T00:00:00",
"ID" : "CVE-2017-16914",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Linux Kernel",
"version" : {
"version_data" : [
{
"version_value" : "Before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107"
}
]
}
}
]
},
"vendor_name" : "Flexera Software LLC"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,47 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The \"stub_send_ret_submit()\" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of service (NULL pointer dereference)"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/"
},
{
"url" : "https://secuniaresearch.flexerasoftware.com/advisories/80722/"
},
{
"url" : "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=be6123df1ea8f01ee2f896a16c2b7be3e4557a5a"
},
{
"url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.49"
},
{
"url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.107"
},
{
"url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71"
},
{
"url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
},
{
"url" : "https://www.spinics.net/lists/linux-usb/msg163480.html"
}
]
}