CVE-2017-16531 in Ubuntu

CVE-2017-16531

Priority

Description

drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local
users to cause a denial of service (out-of-bounds read and system crash) or
possibly have unspecified other impact via a crafted USB device, related to
the USB_DT_INTERFACE_ASSOCIATION descriptor.

Ubuntu-Description

Andrey Konovalov discovered that the USB subsystem in the Linux kernel did
not properly validate USB interface association descriptors. A physically
proximate attacker could use this to cause a denial of service (system
crash).

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16531
https://github.com/torvalds/linux/commit/bd7a3fe770ebd8391d1c7d072ff88e9e76d063eb
https://groups.google.com/d/msg/syzkaller/hP6L-m59m_8/Co2ouWeFAwAJ
https://ubuntu.com/security/notices/USN-3485-1
https://ubuntu.com/security/notices/USN-3485-2
https://ubuntu.com/security/notices/USN-3487-1
https://ubuntu.com/security/notices/USN-3485-3
https://ubuntu.com/security/notices/USN-3754-1

Notes

Package

Source: linux (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	not-affected (4.13.0-17.20)
Ubuntu 16.04 ESM:	released (4.4.0-101.124)
Ubuntu 14.04 ESM:	released (3.13.0-157.207)

Patches:

Introduced by

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Fixed by

bd7a3fe770ebd8391d1c7d072ff88e9e76d063eb

Package

Source: linux-armadaxp (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

This package is not directly supported by the Ubuntu Security Team

Package

Source: linux-aws (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1001.1)
Ubuntu 16.04 ESM:	released (4.4.0-1041.50)
Ubuntu 14.04 ESM:	released (4.4.0-1003.3)

Patches:

Package

Source: linux-azure (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1002.2)
Ubuntu 16.04 ESM:	released (4.13.0-1005.7)
Ubuntu 14.04 ESM:	not-affected (4.15.0-1023.24~14.04.1)

Patches:

Package

Source: linux-azure-edge (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	not-affected (4.18.0-1003.3~18.04.1)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-euclid (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-flo (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [abandoned])

Patches:

Package

Source: linux-gcp (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1001.1)
Ubuntu 16.04 ESM:	released (4.13.0-1002.5)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gke (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-goldfish (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [abandoned])

Patches:

Package

Source: linux-grouper (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [abandoned])

Patches:

Package

Source: linux-hwe (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	not-affected
Ubuntu 16.04 ESM:	released (4.13.0-26.29~16.04.2)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-hwe-edge (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	not-affected (4.18.0-8.9~18.04.1)
Ubuntu 16.04 ESM:	released (4.13.0-26.29~16.04.2)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-kvm (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1002.2)
Ubuntu 16.04 ESM:	released (4.4.0-1010.15)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-linaro-omap (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-linaro-shared (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-linaro-vexpress (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-lts-quantal (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

This package is not directly supported by the Ubuntu Security Team

Package

Source: linux-lts-raring (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-lts-saucy (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

This package is not directly supported by the Ubuntu Security Team

Package

Source: linux-lts-trusty (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-lts-utopic (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [out of standard support])

Patches:

Package

Source: linux-lts-vivid (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [was needs-triage now end-of-life])

Patches:

Package

Source: linux-lts-wily (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [out of standard support])

Patches:

Package

Source: linux-lts-xenial (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	released (4.4.0-101.124~14.04.1)

Patches:

Package

Source: linux-maguro (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [abandoned])

Patches:

Package

Source: linux-mako (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [abandoned])

Patches:

Package

Source: linux-manta (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [abandoned])

Patches:

Package

Source: linux-oem (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1002.3)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-qcm-msm (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-raspi2 (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	not-affected (4.13.0-1006.6)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-snapdragon (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	not-affected
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-ti-omap4 (LP Ubuntu Debian)

Upstream:	released (4.14~rc4)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

More Information

Updated: 2022-04-13 12:56:59 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)