CVE-2017-16643

Public on 2017-11-07

Modified on 2017-12-21

Description

The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel, before 4.13.11, allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.

Severity

Low

See what this means

CVSS v3 Base Score

4.6

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	kernel	2017-12-21 00:02	ALAS-2017-937

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	4.6	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
NVD	CVSSv2	7.2	AV:L/AC:L/Au:N/C:C/I:C/A:C
NVD	CVSSv3	6.6	CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Red Hat: CVE-2017-16643 Mitre: CVE-2017-16643 FAQs regarding Amazon Linux ALAS/CVE Severity