CVE-2017-16525 in Ubuntu

CVE-2017-16525

Priority

Description

The usb_serial_console_disconnect function in drivers/usb/serial/console.c
in the Linux kernel before 4.13.8 allows local users to cause a denial of
service (use-after-free and system crash) or possibly have unspecified
other impact via a crafted USB device, related to disconnection and failed
setup.

Ubuntu-Description

Andrey Konovalov discovered a use-after-free vulnerability in the USB
serial console driver in the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16525
https://github.com/torvalds/linux/commit/299d7572e46f98534033a9e65973f13ad1ce9047
https://github.com/torvalds/linux/commit/bd998c2e0df0469707503023d50d46cf0b10c787
https://groups.google.com/d/msg/syzkaller/cMACrmo1x0k/4KhRoUgABAAJ
https://ubuntu.com/security/notices/USN-3485-1
https://ubuntu.com/security/notices/USN-3485-2
https://ubuntu.com/security/notices/USN-3487-1
https://ubuntu.com/security/notices/USN-3485-3
https://ubuntu.com/security/notices/USN-3583-1
https://ubuntu.com/security/notices/USN-3583-2

Notes

Package

Source: linux (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	not-affected (4.13.0-17.20)
Ubuntu 16.04 ESM:	released (4.4.0-101.124)
Ubuntu 14.04 ESM:	released (3.13.0-142.191)

Patches:

Introduced by 73e487fdb75f8abf230968dbf73a3dc3b16808d3	Fixed by 299d7572e46f98534033a9e65973f13ad1ce9047
Introduced by 0e517c93dc027e49d4523fe32631606b12f0752d	Fixed by bd998c2e0df0469707503023d50d46cf0b10c787

Package

Source: linux-armadaxp (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

This package is not directly supported by the Ubuntu Security Team

Package

Source: linux-aws (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1001.1)
Ubuntu 16.04 ESM:	released (4.4.0-1041.50)
Ubuntu 14.04 ESM:	released (4.4.0-1003.3)

Patches:

Package

Source: linux-azure (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1002.2)
Ubuntu 16.04 ESM:	released (4.13.0-1005.7)
Ubuntu 14.04 ESM:	not-affected (4.15.0-1023.24~14.04.1)

Patches:

Package

Source: linux-euclid (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-flo (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [abandoned])

Patches:

Package

Source: linux-gcp (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1001.1)
Ubuntu 16.04 ESM:	released (4.13.0-1002.5)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gke (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-goldfish (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [abandoned])

Patches:

Package

Source: linux-grouper (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [abandoned])

Patches:

Package

Source: linux-hwe (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	not-affected
Ubuntu 16.04 ESM:	released (4.13.0-26.29~16.04.2)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-hwe-edge (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	released (4.18.0-8.9~18.04.1)
Ubuntu 16.04 ESM:	released (4.13.0-26.29~16.04.2)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-kvm (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1002.2)
Ubuntu 16.04 ESM:	released (4.4.0-1010.15)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-linaro-omap (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-linaro-shared (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-linaro-vexpress (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-lts-quantal (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

This package is not directly supported by the Ubuntu Security Team

Package

Source: linux-lts-raring (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-lts-saucy (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

This package is not directly supported by the Ubuntu Security Team

Package

Source: linux-lts-trusty (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-lts-utopic (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [out of standard support])

Patches:

Package

Source: linux-lts-vivid (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [was needs-triage now end-of-life])

Patches:

Package

Source: linux-lts-wily (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [out of standard support])

Patches:

Package

Source: linux-lts-xenial (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	released (4.4.0-101.124~14.04.1)

Patches:

Package

Source: linux-maguro (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [abandoned])

Patches:

Package

Source: linux-mako (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [abandoned])

Patches:

Package

Source: linux-manta (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [abandoned])

Patches:

Package

Source: linux-oem (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1002.3)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-qcm-msm (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-raspi2 (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	not-affected (4.13.0-1006.6)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-snapdragon (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	not-affected
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-ti-omap4 (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

More Information

Updated: 2022-04-13 12:56:57 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)