{
  "threat_severity" : "Low",
  "public_date" : "2016-09-19T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: NULL pointer dereference due to race condition in probe function of legousbtower driver",
    "id" : "1505905",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1505905"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.3",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-476",
  "details" : [ "The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference." ],
  "statement" : "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2, as this flaw was fixed in 7.4 release.",
  "acknowledgement" : "Red Hat would like to thank James Patrick Evans for reporting this issue.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-alt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "fix_state" : "Not affected",
    "package_name" : "realtime-kernel",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-15102\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15102" ],
  "name" : "CVE-2017-15102",
  "csaw" : false
}