Use After Free Affecting kernel-rt package, versions *
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-CENTOS7-KERNELRT-1977232
- published 26 Jul 2021
- disclosed 4 Oct 2017
Introduced: 4 Oct 2017
CVE-2017-16525 Open this link in a new tabHow to fix?
There is no fixed version for Centos:7 kernel-rt.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-rt package and not the kernel-rt package as distributed by Centos.
See How to fix? for Centos:7 relevant fixed versions and status.
The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup.
References
- http://www.securityfocus.com/bid/102028
- https://access.redhat.com/security/cve/CVE-2017-16525
- https://github.com/torvalds/linux/commit/299d7572e46f98534033a9e65973f13ad1ce9047
- https://github.com/torvalds/linux/commit/bd998c2e0df0469707503023d50d46cf0b10c787
- https://groups.google.com/d/msg/syzkaller/cMACrmo1x0k/4KhRoUgABAAJ
- https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/