Bug 618816 (CVE-2017-8924, CVE-2017-8925) - sys-kernel/gentoo-sources: Multiple Vulnerabilities (CVE-2017-{8924,8925})
Summary: sys-kernel/gentoo-sources: Multiple Vulnerabilities (CVE-2017-{8924,8925})
Status: RESOLVED FIXED
Alias: CVE-2017-8924, CVE-2017-8925
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Kernel Security
Whiteboard: [cve]
Reported: 2017-05-18 06:14 UTC by GLSAMaker/CVETool Bot
Modified: 2022-03-25 23:04 UTC
Description GLSAMaker/CVETool Bot gentoo-dev 2017-05-18 06:14:59 UTC
CVE-2017-8925 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8925):
  The omninet_open function in drivers/usb/serial/omninet.c in the Linux
  kernel before 4.10.4 allows local users to cause a denial of service (tty
  exhaustion) by leveraging reference count mishandling.

CVE-2017-8924 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8924):
  The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the
  Linux kernel before 4.10.4 allows local users to obtain sensitive
  information (in the dmesg ringbuffer and syslog) from uninitialized kernel
  memory by using a crafted USB device (posing as an io_ti USB serial device)
  to trigger an integer underflow.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-25 23:04:03 UTC
Fixes in 4.9.16, 4.11