Home > Vulnerability Database > CVE-2017-1000363

Mend.io Vulnerability Database

CVE-2017-1000363

Good to know:

Date: July 13, 2017

Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line.

Language: C

Severity Score

7.8

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-1000363

Url: http://www.debian.org/security/2017/dsa-3945

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2017-1000363

Url: https://alephsecurity.com/vulns/aleph-2017023

Url: http://www.securityfocus.com/bid/98651

Url: https://www.mend.io/vulnerability-database/CVE-2017-1000363

Severity Score

7.8

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Top Fix

Upgrade Version

Upgrade to version v4.12-rc2,v3.16.46,v3.18.55,v3.2.91,v4.1.41,v4.11.3,v4.4.70,v4.9.30

Learn More

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	7.2
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-1000363

Good to know:

Date: July 13, 2017

Language: C

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?