CVE-2017-18360

Impact: Low
Public Date: 2017-05-11
CWE: CWE-369
Bugzilla: 1671343: CVE-2017-18360 kernel: Division by zero in change_port_settings in drivers/usb/serial/io_ti.c resulting in a denial of service

A division-by-zero flaw in set_termios(), reachable when debugging is enabled, was found in the Linux kernel. When the io_ti driver is loaded, a local unprivileged attacker can request an invalid, very high transfer speed in change_port_settings() in drivers/usb/serial/io_ti.c so that the divisor value becomes zero, causing a system crash and a denial of service.
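
The failure mode described above, as an added userspace model that is not the kernel driver's code and does not come from the advisory. The base rate constant, the rounding formula and all function names are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed base rate for this model; the advisory does not give the driver's value. */
#define BASE_RATE 461550L

/* Divisor programmed for a requested speed: rounded integer division,
 * truncated to 16 bits. It becomes 0 once baud exceeds twice BASE_RATE. */
static uint16_t divisor_for(long baud)
{
    return (uint16_t)((BASE_RATE + baud / 2) / baud);
}

/* Hardened input handling: a zero or negative request falls back to a default,
 * and the request is capped at BASE_RATE so the divisor cannot round down to zero. */
static long sanitize_baud(long baud)
{
    if (baud <= 0)
        return 9600;
    return baud > BASE_RATE ? BASE_RATE : baud;
}

/* Debug-style "actual speed" calculation. The unguarded form is
 * BASE_RATE / divisor, which traps when divisor == 0; this version
 * reports -1 instead of dividing. */
static long actual_baud(uint16_t divisor)
{
    if (divisor == 0)
        return -1;
    return BASE_RATE / divisor;
}

int main(void)
{
    /* Constructed sample requests, including values around the zero-divisor threshold. */
    long requests[] = { 9600, 115200, 923100, 923101, 4000000 };
    for (size_t i = 0; i < sizeof requests / sizeof requests[0]; i++) {
        long b = requests[i];
        uint16_t safe = divisor_for(sanitize_baud(b));
        printf("req=%ld raw_div=%u safe_div=%u actual=%ld\n", b,
               (unsigned)divisor_for(b), (unsigned)safe, actual_baud(safe));
    }
    return 0;
}
```

In this model the raw divisor first reaches zero at a requested speed of 923101, while the sanitized path always yields a divisor of at least 1.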

Find out more about CVE-2017-18360 from the MITRE CVE dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score: 4.7
CVSS3 Base Metrics: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux for Real Time for NFV (v. 7) (kernel-rt) | RHSA-2018:3096 | 2018-10-30
Red Hat Enterprise Linux 7 (kernel) | RHSA-2018:3083 | 2018-10-30

Affected Packages State

Platform | Package | State
Red Hat Enterprise MRG 2 | kernel-rt | Will not fix
Red Hat Enterprise Linux 7 | kernel-alt | Not affected
Red Hat Enterprise Linux 6 | kernel | Will not fix
Red Hat Enterprise Linux 5 | kernel | Will not fix