diff --git a/2017/16xxx/CVE-2017-16911.json b/2017/16xxx/CVE-2017-16911.json
index d2d58d65cd7..1974464f42a 100644
--- a/2017/16xxx/CVE-2017-16911.json
+++ b/2017/16xxx/CVE-2017-16911.json
@@ -1,8 +1,32 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "PSIRT-CNA@flexerasoftware.com",
+ "DATE_PUBLIC" : "2018-01-31T00:00:00",
 "ID" : "CVE-2017-16911",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Linux Kernel",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "Before version 4.14.8 and 4.4.114"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Flexera Software LLC"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
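Review bot: `"vendor_name" : "Flexera Software LLC"` in the new `affects` block names the assigning CNA rather than the vendor of `"product_name" : "Linux Kernel"`, so any consumer that matches affected products by vendor will misattribute or miss this record; the field should carry the kernel's vendor, for example `"vendor_name" : "Linux"`. The same value is added in the first hunks of CVE-2017-16912.json, CVE-2017-16913.json and CVE-2017-16914.json. The `version_value` string `"Before version 4.14.8 and 4.4.114"` also folds several stable branches into one free-text value that cannot be compared mechanically, and here it leaves the 4.9.x branch unaddressed although the sibling records list 4.9.71; one `version_data` entry per fixed branch would remove that ambiguity. `DATE_PUBLIC` carries no timezone designator, so appending `Z` (if the date is meant as UTC) would make it unambiguous.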
@@ -11,7 +35,41 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Kernel memory address disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-20/"
+ },
+ {
+ "url" : "https://secuniaresearch.flexerasoftware.com/advisories/80454/"
+ },
+ {
+ "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=2f2d0088eb93db5c649d2a5e34a3800a8a935fc5"
+ },
+ {
+ "url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114"
+ },
+ {
+ "url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
+ },
+ {
+ "url" : "https://www.spinics.net/lists/linux-usb/msg163480.html"
 }
 ]
 }
diff --git a/2017/16xxx/CVE-2017-16912.json b/2017/16xxx/CVE-2017-16912.json
index 848390d180a..700dc8f960c 100644
--- a/2017/16xxx/CVE-2017-16912.json
+++ b/2017/16xxx/CVE-2017-16912.json
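Review bot: The description `value` added for CVE-2017-16911 repeats a word, "allows allows local attackers", and this string is what downstream feeds and scanners display verbatim. It should read `... before version 4.14.8 and 4.4.114 allows local attackers to disclose kernel memory addresses.` The rest of the sentence and the precondition that follows it are fine as written.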
@@ -1,8 +1,32 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "PSIRT-CNA@flexerasoftware.com",
+ "DATE_PUBLIC" : "2018-01-31T00:00:00",
 "ID" : "CVE-2017-16912",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Linux Kernel",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "Before version 4.14.8, 4.9.71, and 4.4.114"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Flexera Software LLC"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +35,44 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "The \"get_pipe()\" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Denial of service (out-of-bounds read)"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/"
+ },
+ {
+ "url" : "https://secuniaresearch.flexerasoftware.com/advisories/77000/"
+ },
+ {
+ "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=635f545a7e8be7596b9b2b6a43cab6bbd5a88e43"
+ },
+ {
+ "url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114"
+ },
+ {
+ "url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71"
+ },
+ {
+ "url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
+ },
+ {
+ "url" : "https://www.spinics.net/lists/linux-usb/msg163480.html"
 }
 ]
 }
diff --git a/2017/16xxx/CVE-2017-16913.json b/2017/16xxx/CVE-2017-16913.json
index b906429c460..2db68b207e2 100644
--- a/2017/16xxx/CVE-2017-16913.json
+++ b/2017/16xxx/CVE-2017-16913.json
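Review bot: The description `value` added for CVE-2017-16912 says only "allows attackers", without stating the attacker's position or any precondition for reaching the code path, whereas the CVE-2017-16911 text in this same commit names "local attackers" and a precondition. Exposure triage and severity scoring depend on that detail, so if the referenced advisory establishes it, the sentence should say so, along the lines of `allows <local|remote> attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet`, with the placeholder filled from the advisory. The descriptions added for CVE-2017-16913 and CVE-2017-16914 use the same unqualified wording and need the same clarification.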
@@ -1,8 +1,32 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "PSIRT-CNA@flexerasoftware.com",
+ "DATE_PUBLIC" : "2018-01-31T00:00:00",
 "ID" : "CVE-2017-16913",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Linux Kernel",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "Before version 4.14.8, 4.9.71, and 4.4.114"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Flexera Software LLC"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +35,44 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "The \"stub_recv_cmd_submit()\" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Denial of service (arbitrary memory allocation)"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/"
+ },
+ {
+ "url" : "https://secuniaresearch.flexerasoftware.com/advisories/80601/"
+ },
+ {
+ "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=c6688ef9f29762e65bce325ef4acd6c675806366"
+ },
+ {
+ "url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114"
+ },
+ {
+ "url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71"
+ },
+ {
+ "url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
+ },
+ {
+ "url" : "https://www.spinics.net/lists/linux-usb/msg163480.html"
 }
 ]
 }
diff --git a/2017/16xxx/CVE-2017-16914.json b/2017/16xxx/CVE-2017-16914.json
index 477b0a487d7..be470279bf9 100644
--- a/2017/16xxx/CVE-2017-16914.json
+++ b/2017/16xxx/CVE-2017-16914.json
@@ -1,8 +1,32 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "PSIRT-CNA@flexerasoftware.com",
+ "DATE_PUBLIC" : "2018-01-31T00:00:00",
 "ID" : "CVE-2017-16914",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Linux Kernel",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "Before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Flexera Software LLC"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +35,47 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "The \"stub_send_ret_submit()\" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Denial of service (NULL pointer dereference)"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/"
+ },
+ {
+ "url" : "https://secuniaresearch.flexerasoftware.com/advisories/80722/"
+ },
+ {
+ "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=be6123df1ea8f01ee2f896a16c2b7be3e4557a5a"
+ },
+ {
+ "url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.49"
+ },
+ {
+ "url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.107"
+ },
+ {
+ "url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71"
+ },
+ {
+ "url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
+ },
+ {
+ "url" : "https://www.spinics.net/lists/linux-usb/msg163480.html"
 }
 ]
 }