CVE-2017-17975

{"id": "CVE-2017-17975", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2017-12-30T01:29:00.877", "references": [{"url": "http://linuxtesting.org/pipermail/ldv-project/2017-November/001008.html", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/102330", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3653-1/", "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3653-2/", "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3654-1/", "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3654-2/", "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3656-1/", "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3657-1/", "source": "cve@mitre.org"}, {"url": "https://www.debian.org/security/2018/dsa-4188", "source": "cve@mitre.org"}, {"url": "http://linuxtesting.org/pipermail/ldv-project/2017-November/001008.html", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/102330", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/3653-1/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/3653-2/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/3654-1/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/3654-2/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/3656-1/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/3657-1/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.debian.org/security/2018/dsa-4188", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure."}, {"lang": "es", "value": "Uso de memoria previamente liberada en la funci\u00f3n usbtv_probe en drivers/media/usb/usbtv/usbtv-core.c en el kernel de Linux hasta la versi\u00f3n 4.14.10 permite que atacantes provoquen una denegaci\u00f3n de servicio (cierre inesperado del sistema) o, posiblemente, causen otro tipo de impacto sin especificar desencadenando un error de registro de audio. Esto se debe a que un kfree de la estructura de datos usbtv ocurre durante una llamada usbtv_video_free, pero el c\u00f3digo de la etiqueta usbtv_video_fail intenta acceder y liberar esta estructura de datos."}], "lastModified": "2025-04-20T01:37:25.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4110B01F-9664-4CAA-8C2B-F5EECA7365FA", "versionEndIncluding": "4.14.10"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}