Main Vulnerability Database SB2017120116

SB2017120116 - Privilege escalation via USB device in Linux kernel

Published: December 1, 2017

Security Bulletin ID SB2017120116

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2017-15102)

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to a race condition and a NULL pointer dereference within tower_probe() function in drivers/usb/misc/legousbtower.c in Linux kernel before 4.8.1. A local user with physical access to the computer and ability to insert USB flash drive can execute arbitrary code with escalated privileges. The USB device would have to delay the control message in tower_probe and accept the control urb in tower_open whilst guest code initiated a write to the device file as tower_delete is called from the error in tower_probe.

According to vendor this security issue exists since 2003.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2fae9e5a7babada041e2e1...