CVE-2017-16532 in Ubuntu

CVE-2017-16532

Priority

Description

The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux
kernel through 4.13.11 allows local users to cause a denial of service
(NULL pointer dereference and system crash) or possibly have unspecified
other impact via a crafted USB device.

Ubuntu-Description

Andrey Konovalov discovered that the usbtest device driver in the Linux
kernel did not properly validate endpoint metadata. A physically proximate
attacker could use this to cause a denial of service (system crash).

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16532
https://github.com/torvalds/linux/commit/7c80f9e4a588f1925b07134bb2e3689335f6c6d8
https://groups.google.com/d/msg/syzkaller/l3870gs3LhA/y79DYQdFBAAJ
https://ubuntu.com/security/notices/USN-3617-1
https://ubuntu.com/security/notices/USN-3617-2
https://ubuntu.com/security/notices/USN-3617-3
https://ubuntu.com/security/notices/USN-3619-1
https://ubuntu.com/security/notices/USN-3619-2
https://ubuntu.com/security/notices/USN-3754-1

Notes

Package

Source: linux (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	not-affected (4.15.0-10.11)
Ubuntu 16.04 ESM:	released (4.4.0-119.143)
Ubuntu 14.04 ESM:	released (3.13.0-157.207)

Patches:

Introduced by

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Fixed by

7c80f9e4a588f1925b07134bb2e3689335f6c6d8

Package

Source: linux-armadaxp (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

This package is not directly supported by the Ubuntu Security Team

Package

Source: linux-aws (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1001.1)
Ubuntu 16.04 ESM:	released (4.4.0-1054.63)
Ubuntu 14.04 ESM:	released (4.4.0-1016.16)

Patches:

Package

Source: linux-azure (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1002.2)
Ubuntu 16.04 ESM:	released (4.13.0-1014.17)
Ubuntu 14.04 ESM:	not-affected (4.15.0-1023.24~14.04.1)

Patches:

Package

Source: linux-azure-edge (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	not-affected (4.18.0-1003.3~18.04.1)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-euclid (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-flo (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [abandoned])

Patches:

Package

Source: linux-gcp (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1001.1)
Ubuntu 16.04 ESM:	released (4.13.0-1012.16)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gke (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-goldfish (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [abandoned])

Patches:

Package

Source: linux-grouper (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [abandoned])

Patches:

Package

Source: linux-hwe (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	not-affected
Ubuntu 16.04 ESM:	released (4.13.0-38.43~16.04.1)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-hwe-edge (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	not-affected (4.18.0-8.9~18.04.1)
Ubuntu 16.04 ESM:	released (4.13.0-38.43~16.04.1)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-kvm (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1002.2)
Ubuntu 16.04 ESM:	released (4.4.0-1020.25)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-linaro-omap (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-linaro-shared (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-linaro-vexpress (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-lts-quantal (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

This package is not directly supported by the Ubuntu Security Team

Package

Source: linux-lts-raring (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-lts-saucy (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

This package is not directly supported by the Ubuntu Security Team

Package

Source: linux-lts-trusty (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-lts-utopic (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [out of standard support])

Patches:

Package

Source: linux-lts-vivid (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [was needs-triage now end-of-life])

Patches:

Package

Source: linux-lts-wily (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [out of standard support])

Patches:

Package

Source: linux-lts-xenial (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	released (4.4.0-119.143~14.04.1)

Patches:

Package

Source: linux-maguro (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [abandoned])

Patches:

Package

Source: linux-mako (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [abandoned])

Patches:

Package

Source: linux-manta (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [abandoned])

Patches:

Package

Source: linux-oem (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1002.3)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-qcm-msm (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-raspi2 (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1006.7)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-snapdragon (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	not-affected
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-ti-omap4 (LP Ubuntu Debian)

Upstream:	released (4.14~rc5)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

More Information

Updated: 2022-04-13 12:56:59 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)