Vulnerability CVE-2017-18360

Vulnerability Name:

CVE-2017-18360 (CCN-156506)

Assigned:

2017-05-11

Published:

2017-05-11

Updated:

2019-04-17

Summary:

In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.

CVSS v3 Severity:

5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
3.5 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

4.7 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)
4.1 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-369

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2017-18360

Source: MISC
Type: Patch, Vendor Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6aeb75e6adfaed16e58780309613a578fe1ee90b

Source: BID
Type: Third Party Advisory, VDB Entry
106802

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1123706

Source: MISC
Type: Release Notes, Vendor Advisory
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.3

Source: XF
Type: UNKNOWN
linux-kernel-cve201718360-dos(156506)

Source: CCN
Type: Linux Kernel GIT Repository
USB: serial: io_ti: fix div-by-zero in set_termios

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/torvalds/linux/commit/6aeb75e6adfaed16e58780309613a578fe1ee90b

Source: UBUNTU
Type: Third Party Advisory
USN-3933-1

Source: UBUNTU
Type: Third Party Advisory
USN-3933-2

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2017-18360

Vulnerable Configuration:

Configuration 1:

cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version < 4.11.3)

Configuration 2:

cpe:/o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

OR cpe:/o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration RedHat 6:

cpe:/a:redhat:rhel_extras_rt:7:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:linux:linux_kernel:4.11.2:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:201718360	V	CVE-2017-18360	2022-05-20
oval:org.opensuse.security:def:35282	P	Security update for gegl (Important)	2021-12-28
oval:org.opensuse.security:def:34004	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:30265	P	Security update for pcre (Moderate)	2021-11-10
oval:org.opensuse.security:def:31299	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:34549	P	Security update for gd (Moderate)	2021-09-23
oval:org.opensuse.security:def:31278	P	Security update for xen (Important)	2021-09-23
oval:org.opensuse.security:def:34538	P	Security update for postgresql12 (Moderate)	2021-09-16
oval:org.opensuse.security:def:33715	P	Security update for mariadb (Moderate)	2021-09-09
oval:org.opensuse.security:def:31239	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:33947	P	Security update for curl (Moderate)	2021-07-21
oval:org.opensuse.security:def:30210	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:36071	P	MozillaFirefox-31.7.0esr-0.8.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:31190	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:34421	P	Security update for java-1_7_0-openjdk (Moderate)	2021-04-29
oval:org.opensuse.security:def:33632	P	Security update for glibc (Important)	2021-04-13
oval:org.opensuse.security:def:30057	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important)	2021-04-12
oval:org.opensuse.security:def:34633	P	Security update for tomcat (Moderate)	2021-02-19
oval:org.opensuse.security:def:31343	P	Security update for bind (Important)	2021-02-18
oval:org.opensuse.security:def:34465	P	Security update for mutt (Moderate)	2021-01-22
oval:org.opensuse.security:def:34537	P	Security update for tomcat (Moderate)	2021-01-05
oval:org.opensuse.security:def:32019	P	Security update for clamav (Important)	2020-12-22
oval:org.opensuse.security:def:35233	P	Security update for python (Important)	2020-12-11
oval:org.opensuse.security:def:33621	P	Security update for openssl-1_0_0 (Important)	2020-12-09
oval:org.opensuse.security:def:31091	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2020-12-07
oval:org.opensuse.security:def:33620	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:36030	P	sblim-sfcb-1.3.11-0.19.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:29298	P	Security update for python3 (Important)	2020-12-02
oval:org.opensuse.security:def:30528	P	Security update for IBM Java 6	2020-12-01
oval:org.opensuse.security:def:27908	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:34357	P	Security update for system-config-printer (Moderate)	2020-12-01
oval:org.opensuse.security:def:30527	P	Security update for java-1_4_2-ibm	2020-12-01
oval:org.opensuse.security:def:27851	P	Security update for pam	2020-12-01
oval:org.opensuse.security:def:34308	P	Security update for quota	2020-12-01
oval:org.opensuse.security:def:29262	P	Security update for wget (Moderate)	2020-12-01
oval:org.opensuse.security:def:27769	P	Security update for java-1_6_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:34250	P	Security update for postgresql10 (Low)	2020-12-01
oval:org.opensuse.security:def:28624	P	Security update for MozillaFirefox	2020-12-01
oval:org.opensuse.security:def:27641	P	Security update for libproxy	2020-12-01
oval:org.opensuse.security:def:34093	P	Security update for microcode_ctl (Important)	2020-12-01
oval:org.opensuse.security:def:28580	P	Security update for libproxy	2020-12-01
oval:org.opensuse.security:def:27577	P	vte-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28564	P	Security update for OpenJDK 1.6	2020-12-01
oval:org.opensuse.security:def:27566	P	sendmail on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28525	P	Security update for wget (Moderate)	2020-12-01
oval:org.opensuse.security:def:27565	P	rxvt-unicode on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33851	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:28476	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:35392	P	Security update for opensc (Moderate)	2020-12-01
oval:org.opensuse.security:def:28423	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:35348	P	Security update for mysql (Important)	2020-12-01
oval:org.opensuse.security:def:28271	P	Security update for mono-core (Moderate)	2020-12-01
oval:org.opensuse.security:def:35321	P	Security update for microcode_ctl (Moderate)	2020-12-01
oval:org.opensuse.security:def:28187	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28130	P	Security update for icu (Important)	2020-12-01
oval:org.opensuse.security:def:31054	P	Security update for the Linux kernel (Important)	2020-12-01
oval:org.opensuse.security:def:28046	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:35174	P	Security update for kvm	2020-12-01
oval:org.opensuse.security:def:30416	P	Security update for xorg-x11-libXext	2020-12-01
oval:org.opensuse.security:def:27918	P	Security update for xorg-x11-libXext	2020-12-01
oval:org.opensuse.security:def:35015	P	Security update for gpgme	2020-12-01
oval:org.opensuse.security:def:30372	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:27854	P	Security update for php53 (Important)	2020-12-01
oval:org.opensuse.security:def:34925	P	Security update for expat (Moderate)	2020-12-01
oval:org.opensuse.security:def:30353	P	Security update for w3m	2020-12-01
oval:org.opensuse.security:def:27843	P	Security update for net-snmp (Moderate)	2020-12-01
oval:org.opensuse.security:def:34868	P	Security update for coreutils (Moderate)	2020-12-01
oval:org.opensuse.security:def:30314	P	Security update for tcpdump (Moderate)	2020-12-01
oval:org.opensuse.security:def:28171	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:27842	P	Security update for nagios	2020-12-01
oval:org.opensuse.security:def:34769	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:28136	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:27498	P	libvorbis-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27454	P	libjasper-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29971	P	Security update for LibreOffice	2020-12-01
oval:org.opensuse.security:def:27440	P	libdhcp6client-1_0-2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29914	P	Security update for libcdio (Low)	2020-12-01
oval:org.opensuse.security:def:27401	P	flac-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31981	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:29827	P	Security update for java-1_6_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:27352	P	sblim-sfcb-openssl1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29695	P	Security update for expat (Moderate)	2020-12-01
oval:org.opensuse.security:def:27299	P	sysconfig on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29622	P	Security update for bsdtar (Important)	2020-12-01
oval:org.opensuse.security:def:27148	P	ibutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29611	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:27064	P	yast2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29015	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:29610	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:27007	P	pam_mount on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28980	P	Security update for tidy (Low)	2020-12-01
oval:org.opensuse.security:def:26926	P	kdebase3-runtime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31134	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:28342	P	Security update for php53 (Important)	2020-12-01
oval:org.opensuse.security:def:26798	P	pam_ldap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30979	P	Security update for hunspell (Low)	2020-12-01
oval:org.opensuse.security:def:28298	P	Security update for net-snmp (Moderate)	2020-12-01
oval:org.opensuse.security:def:26734	P	ldapsmb on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30892	P	Security update for MozillaFirefox, mozilla-nspr (Important)	2020-12-01
oval:org.opensuse.security:def:28284	P	Security update for mysql (Important)	2020-12-01
oval:org.opensuse.security:def:35143	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26723	P	kde4-kgreeter-plugins on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30835	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:28245	P	Security update for libxml2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:35103	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26722	P	kbd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30745	P	Security update for ansible, python-straight-plugin (Moderate)	2020-12-01
oval:org.opensuse.security:def:28196	P	Security update for libevent (Moderate)	2020-12-01
oval:org.opensuse.security:def:30613	P	Security update for stunnel	2020-12-01
oval:org.opensuse.security:def:28143	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:30539	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:27992	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:34396	P	Security update for unzip (Moderate)	2020-12-01
oval:com.ubuntu.cosmic:def:2017183600000000	V	CVE-2017-18360 on Ubuntu 18.10 (cosmic) - medium.	2019-01-31
oval:com.ubuntu.bionic:def:201718360000	V	CVE-2017-18360 on Ubuntu 18.04 LTS (bionic) - medium.	2019-01-31
oval:com.ubuntu.bionic:def:2017183600000000	V	CVE-2017-18360 on Ubuntu 18.04 LTS (bionic) - medium.	2019-01-31
oval:com.ubuntu.cosmic:def:201718360000	V	CVE-2017-18360 on Ubuntu 18.10 (cosmic) - medium.	2019-01-31
oval:com.ubuntu.xenial:def:2017183600000000	V	CVE-2017-18360 on Ubuntu 16.04 LTS (xenial) - medium.	2019-01-31
oval:com.ubuntu.trusty:def:201718360000	V	CVE-2017-18360 on Ubuntu 14.04 LTS (trusty) - medium.	2019-01-31
oval:com.ubuntu.xenial:def:201718360000	V	CVE-2017-18360 on Ubuntu 16.04 LTS (xenial) - medium.	2019-01-31
oval:com.redhat.rhsa:def:20183083	P	RHSA-2018:3083: kernel security, bug fix, and enhancement update (Important)	2018-10-30
oval:com.redhat.rhsa:def:20183096	P	RHSA-2018:3096: kernel-rt security, bug fix, and enhancement update (Important)	2018-10-30

BACK