Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 618816 (CVE-2017-8924, CVE-2017-8925) - sys-kernel/gentoo-sources: Multiple Vulnerabilities (CVE-2017-{8924,8925})
Summary: sys-kernel/gentoo-sources: Multiple Vulnerabilities (CVE-2017-{8924,8925})
Status: RESOLVED FIXED
Alias: CVE-2017-8924, CVE-2017-8925
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Kernel Security
URL:
Whiteboard: [cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-05-18 06:14 UTC by GLSAMaker/CVETool Bot
Modified: 2022-03-25 23:04 UTC (History)
5 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2017-05-18 06:14:59 UTC
CVE-2017-8925 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8925):
  The omninet_open function in drivers/usb/serial/omninet.c in the Linux
  kernel before 4.10.4 allows local users to cause a denial of service (tty
  exhaustion) by leveraging reference count mishandling.

CVE-2017-8924 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8924):
  The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the
  Linux kernel before 4.10.4 allows local users to obtain sensitive
  information (in the dmesg ringbuffer and syslog) from uninitialized kernel
  memory by using a crafted USB device (posing as an io_ti USB serial device)
  to trigger an integer underflow.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-25 23:04:03 UTC
Fixes in 4.9.16, 4.11