OVAL Reference oval:com.ubuntu.bionic:def:201717558000

Oval Definition:

oval:com.ubuntu.bionic:def:201717558000

Revision Date:	2017-12-12	Version:	1
Title:	CVE-2017-17558 on Ubuntu 18.04 LTS (bionic) - low.
Description:	The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device. It was discovered that the core USB subsystem in the Linux kernel did not validate the number of configurations and interfaces in a device. A physically proximate attacker could use this to cause a denial of service (system crash).
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2017-17558
Platform(s):	Ubuntu 18.04 LTS	Product(s):
Definition Synopsis
Ubuntu 18.04 LTS (bionic) is installed. AND Package Information NOT While related to the CVE in some way, the 'linux' package in bionic is not affected (note: '4.15.0-10.11'). OR NOT While related to the CVE in some way, the 'linux-aws' package in bionic is not affected (note: '4.15.0-1001.1'). OR NOT While related to the CVE in some way, the 'linux-azure' package in bionic is not affected (note: '4.15.0-1002.2'). OR NOT While related to the CVE in some way, the 'linux-azure-edge' package in bionic is not affected (note: '4.18.0-1003.3~18.04.1'). OR NOT While related to the CVE in some way, the 'linux-gcp' package in bionic is not affected (note: '4.15.0-1001.1'). OR NOT While related to the CVE in some way, the 'linux-hwe' package in bionic is not affected. OR NOT While related to the CVE in some way, the 'linux-hwe-edge' package in bionic is not affected (note: '4.18.0-8.9~18.04.1'). OR NOT While related to the CVE in some way, the 'linux-kvm' package in bionic is not affected (note: '4.15.0-1002.2'). OR NOT While related to the CVE in some way, the 'linux-oem' package in bionic is not affected (note: '4.15.0-1002.3'). OR NOT While related to the CVE in some way, the 'linux-raspi2' package in bionic is not affected (note: '4.15.0-1006.7').

BACK