CVE-2017-16535 in Ubuntu

CVE-2017-16535

Priority

Description

The usb_get_bos_descriptor function in drivers/usb/core/config.c in the
Linux kernel before 4.13.10 allows local users to cause a denial of service
(out-of-bounds read and system crash) or possibly have unspecified other
impact via a crafted USB device.

Ubuntu-Description

Andrey Konovalov discovered that the USB subsystem in the Linux kernel did
not properly validate USB BOS metadata. A physically proximate attacker
could use this to cause a denial of service (system crash).

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16535
https://github.com/torvalds/linux/commit/1c0edc3633b56000e18d82fc241e3995ca18a69e
https://groups.google.com/d/msg/syzkaller/tzdz2fTB1K0/OvjIgLSTAgAJ
https://ubuntu.com/security/notices/USN-3485-1
https://ubuntu.com/security/notices/USN-3485-2
https://ubuntu.com/security/notices/USN-3485-3
https://ubuntu.com/security/notices/USN-3507-1
https://ubuntu.com/security/notices/USN-3754-1

Notes

Package

Source: linux (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	not-affected (4.13.0-25.29)
Ubuntu 16.04 ESM:	released (4.4.0-101.124)
Ubuntu 14.04 ESM:	released (3.13.0-157.207)

Patches:

Introduced by

3148bf041d169a083aa31bd69bedd5bfb7ffe215

Fixed by

1c0edc3633b56000e18d82fc241e3995ca18a69e

Package

Source: linux-armadaxp (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

This package is not directly supported by the Ubuntu Security Team

Package

Source: linux-aws (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1001.1)
Ubuntu 16.04 ESM:	released (4.4.0-1041.50)
Ubuntu 14.04 ESM:	released (4.4.0-1003.3)

Patches:

Package

Source: linux-azure (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1002.2)
Ubuntu 16.04 ESM:	released (4.13.0-1005.7)
Ubuntu 14.04 ESM:	not-affected (4.15.0-1023.24~14.04.1)

Patches:

Package

Source: linux-azure-edge (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	not-affected (4.18.0-1003.3~18.04.1)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-euclid (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-flo (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [abandoned])

Patches:

Package

Source: linux-gcp (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1001.1)
Ubuntu 16.04 ESM:	released (4.13.0-1002.5)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gke (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-goldfish (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [abandoned])

Patches:

Package

Source: linux-grouper (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [abandoned])

Patches:

Package

Source: linux-hwe (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	not-affected
Ubuntu 16.04 ESM:	released (4.13.0-26.29~16.04.2)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-hwe-edge (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	not-affected (4.18.0-8.9~18.04.1)
Ubuntu 16.04 ESM:	released (4.13.0-26.29~16.04.2)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-kvm (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1002.2)
Ubuntu 16.04 ESM:	released (4.4.0-1010.15)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-linaro-omap (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-linaro-shared (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-linaro-vexpress (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-lts-quantal (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

This package is not directly supported by the Ubuntu Security Team

Package

Source: linux-lts-raring (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-lts-saucy (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

This package is not directly supported by the Ubuntu Security Team

Package

Source: linux-lts-trusty (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-lts-utopic (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [out of standard support])

Patches:

Package

Source: linux-lts-vivid (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [was needs-triage now end-of-life])

Patches:

Package

Source: linux-lts-wily (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [out of standard support])

Patches:

Package

Source: linux-lts-xenial (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	released (4.4.0-101.124~14.04.1)

Patches:

Package

Source: linux-maguro (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [abandoned])

Patches:

Package

Source: linux-mako (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [abandoned])

Patches:

Package

Source: linux-manta (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [abandoned])

Patches:

Package

Source: linux-oem (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1002.3)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-qcm-msm (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-raspi2 (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	not-affected (4.13.0-1008.8)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-snapdragon (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	not-affected
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-ti-omap4 (LP Ubuntu Debian)

Upstream:	released (4.14~rc6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

More Information

Updated: 2022-04-13 12:57:00 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)