{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-11-03T00:00:00", "descriptions": [{"lang": "en", "value": "drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-08-24T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "USN-3631-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3631-2/"}, {"tags": ["x_refsource_MISC"], "url": "https://patchwork.linuxtv.org/patch/44566/"}, {"name": "DSA-4082", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4082"}, {"name": "USN-3631-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3631-1/"}, {"name": "SUSE-SU-2018:0011", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"}, {"name": "USN-3754-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3754-1/"}, {"tags": ["x_refsource_MISC"], "url": "https://groups.google.com/d/msg/syzkaller/XwNidsl4X04/ti6I2IaRBAAJ"}, {"tags": ["x_refsource_MISC"], "url": "https://patchwork.linuxtv.org/patch/44567/"}, {"name": "DSA-4073", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2017/dsa-4073"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16538", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-3631-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3631-2/"}, {"name": "https://patchwork.linuxtv.org/patch/44566/", "refsource": "MISC", "url": "https://patchwork.linuxtv.org/patch/44566/"}, {"name": "DSA-4082", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4082"}, {"name": "USN-3631-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3631-1/"}, {"name": "SUSE-SU-2018:0011", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"}, {"name": "USN-3754-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3754-1/"}, {"name": "https://groups.google.com/d/msg/syzkaller/XwNidsl4X04/ti6I2IaRBAAJ", "refsource": "MISC", "url": "https://groups.google.com/d/msg/syzkaller/XwNidsl4X04/ti6I2IaRBAAJ"}, {"name": "https://patchwork.linuxtv.org/patch/44567/", "refsource": "MISC", "url": "https://patchwork.linuxtv.org/patch/44567/"}, {"name": "DSA-4073", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4073"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:27:03.796Z"}, "title": "CVE Program Container", "references": [{"name": "USN-3631-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3631-2/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://patchwork.linuxtv.org/patch/44566/"}, {"name": "DSA-4082", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4082"}, {"name": "USN-3631-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3631-1/"}, {"name": "SUSE-SU-2018:0011", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"}, {"name": "USN-3754-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3754-1/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://groups.google.com/d/msg/syzkaller/XwNidsl4X04/ti6I2IaRBAAJ"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://patchwork.linuxtv.org/patch/44567/"}, {"name": "DSA-4073", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2017/dsa-4073"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-16538", "datePublished": "2017-11-04T01:00:00", "dateReserved": "2017-11-03T00:00:00", "dateUpdated": "2024-08-05T20:27:03.796Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3AB470D9-2EFD-4F2C-838A-EF9815166D69", "versionEndIncluding": "4.13.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner)."}, {"lang": "es", "value": "drivers/media/usb/dvb-usb-v2/lmedm04.c en el kernel de Linux hasta la versi\u00f3n 4.13.10 permite que los usuarios locales provoquen una denegaci\u00f3n de servicio (fallo de protecci\u00f3n general y cierre inesperado del sistema) o, posiblemente, causen otros impactos no especificados mediante llamadas del sistema manipuladas. Esto est\u00e1 relacionado con la falta de una comprobaci\u00f3n de arranque en caliente y una sincronizaci\u00f3n incorrecta de attach (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner)."}], "id": "CVE-2017-16538", "lastModified": "2018-08-24T10:29:01.367", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.7, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-04T01:29:37.257", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://groups.google.com/d/msg/syzkaller/XwNidsl4X04/ti6I2IaRBAAJ"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://patchwork.linuxtv.org/patch/44566/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://patchwork.linuxtv.org/patch/44567/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3631-1/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3631-2/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3754-1/"}, {"source": "cve@mitre.org", "url": "https://www.debian.org/security/2017/dsa-4073"}, {"source": "cve@mitre.org", "url": "https://www.debian.org/security/2018/dsa-4082"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: general protection fault in drivers/media/usb/dvb-usb-v2/lmedm04.c", "id": "1510826", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1510826"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.6", "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-391", "details": ["drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner).", "The drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel, through 4.13.11, allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner)."], "name": "CVE-2017-16538", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Will not fix", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2017-09-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-16538\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-16538"], "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, as a code with the flaw is not present in this product.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Low"}