CVE-2017-5549
Published: 6 February 2017
The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log.
From the Ubuntu Security Team
It was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in the Linux kernel did not properly initialize memory related to logging. A local attacker could use this to expose sensitive information (kernel memory).
Priority
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
upstream |
Released
(4.10~rc4)
|
| bionic |
Not vulnerable
(4.13.0-16.19)
|
|
| artful |
Not vulnerable
(4.10.0-19.21)
|
|
| cosmic |
Not vulnerable
(4.15.0-20.21)
|
|
| trusty |
Released
(3.13.0-157.207)
|
|
| xenial |
Released
(4.4.0-63.84)
|
|
| yakkety |
Ignored
(end of life)
|
|
| zesty |
Not vulnerable
(4.9.0-15.16)
|
|
| precise |
Ignored
(end of life)
|
|
|
Patches: Introduced by abf492e7b3ae74873688cf9960283853a3054471 |
||
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
upstream |
Released
(4.10~rc4)
|
| bionic |
Does not exist
|
|
| artful |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
| precise |
Ignored
(end of life)
|
|
|
linux-linaro-omap Launchpad, Ubuntu, Debian |
upstream |
Released
(4.10~rc4)
|
| artful |
Does not exist
|
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
| precise |
Ignored
(end of life)
|
|
|
linux-linaro-vexpress Launchpad, Ubuntu, Debian |
upstream |
Released
(4.10~rc4)
|
| bionic |
Does not exist
|
|
| artful |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
| precise |
Ignored
(end of life)
|
|
|
linux-armadaxp Launchpad, Ubuntu, Debian |
upstream |
Released
(4.10~rc4)
|
| bionic |
Does not exist
|
|
| artful |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
| precise |
Ignored
(end of life)
|
|
| This package is not directly supported by the Ubuntu Security Team | ||
|
linux-lts-quantal Launchpad, Ubuntu, Debian |
upstream |
Released
(4.10~rc4)
|
| bionic |
Does not exist
|
|
| artful |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
| precise |
Ignored
(end of life)
|
|
| This package is not directly supported by the Ubuntu Security Team | ||
|
linux-lts-raring Launchpad, Ubuntu, Debian |
upstream |
Released
(4.10~rc4)
|
| bionic |
Does not exist
|
|
| artful |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
| precise |
Ignored
(end of life)
|
|
|
linux-lts-saucy Launchpad, Ubuntu, Debian |
upstream |
Released
(4.10~rc4)
|
| bionic |
Does not exist
|
|
| artful |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
| precise |
Ignored
(end of life)
|
|
| This package is not directly supported by the Ubuntu Security Team | ||
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
upstream |
Released
(4.10~rc4)
|
| bionic |
Does not exist
|
|
| artful |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
| precise |
Ignored
(end of life)
|
|
|
linux-goldfish Launchpad, Ubuntu, Debian |
upstream |
Released
(4.10~rc4)
|
| bionic |
Does not exist
|
|
| artful |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was ignored)
|
|
| xenial |
Ignored
(abandoned)
|
|
| yakkety |
Ignored
(end of life)
|
|
| zesty |
Ignored
(end of life)
|
|
|
linux-grouper Launchpad, Ubuntu, Debian |
upstream |
Released
(4.10~rc4)
|
| bionic |
Does not exist
|
|
| artful |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was ignored)
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
linux-maguro Launchpad, Ubuntu, Debian |
upstream |
Released
(4.10~rc4)
|
| bionic |
Does not exist
|
|
| artful |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was ignored)
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
linux-mako Launchpad, Ubuntu, Debian |
upstream |
Released
(4.10~rc4)
|
| bionic |
Does not exist
|
|
| artful |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was ignored)
|
|
| xenial |
Ignored
(abandoned)
|
|
| yakkety |
Ignored
(end of life)
|
|
| zesty |
Does not exist
|
|
|
linux-manta Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| artful |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was ignored)
|
|
| upstream |
Released
(4.10~rc4)
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
linux-flo Launchpad, Ubuntu, Debian |
upstream |
Released
(4.10~rc4)
|
| bionic |
Does not exist
|
|
| artful |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was ignored)
|
|
| xenial |
Ignored
(abandoned)
|
|
| yakkety |
Ignored
(end of life)
|
|
| zesty |
Does not exist
|
|
|
linux-lts-utopic Launchpad, Ubuntu, Debian |
upstream |
Released
(4.10~rc4)
|
| bionic |
Does not exist
|
|
| artful |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was ignored [end of standard support])
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
linux-lts-vivid Launchpad, Ubuntu, Debian |
upstream |
Released
(4.10~rc4)
|
| bionic |
Does not exist
|
|
| artful |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Ignored
(end of life, was needed)
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
linux-lts-wily Launchpad, Ubuntu, Debian |
upstream |
Released
(4.10~rc4)
|
| bionic |
Does not exist
|
|
| artful |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was ignored [end of standard support])
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
upstream |
Released
(4.10~rc4)
|
| bionic |
Does not exist
|
|
| artful |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Released
(4.4.0-63.84~14.04.2)
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
upstream |
Released
(4.10~rc4)
|
| bionic |
Not vulnerable
|
|
| artful |
Not vulnerable
(4.4.0-1050.54)
|
|
| cosmic |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Released
(4.4.0-1047.51)
|
|
| yakkety |
Released
(4.4.0-1048.52)
|
|
| zesty |
Not vulnerable
(4.4.0-1047.51)
|
|
|
linux-aws Launchpad, Ubuntu, Debian |
upstream |
Released
(4.10~rc4)
|
| bionic |
Not vulnerable
(4.15.0-1001.1)
|
|
| artful |
Does not exist
|
|
| cosmic |
Not vulnerable
(4.15.0-1007.7)
|
|
| precise |
Does not exist
|
|
| trusty |
Not vulnerable
(4.4.0-1002.2)
|
|
| xenial |
Released
(4.4.0-1003.12)
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
linux-hwe Launchpad, Ubuntu, Debian |
upstream |
Released
(4.10~rc4)
|
| bionic |
Not vulnerable
|
|
| artful |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Released
(4.10.0-27.30~16.04.2)
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
upstream |
Released
(4.10~rc4)
|
| bionic |
Not vulnerable
(4.18.0-8.9~18.04.1)
|
|
| artful |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Released
(4.10.0-27.30~16.04.2)
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
linux-gke Launchpad, Ubuntu, Debian |
upstream |
Released
(4.10~rc4)
|
| bionic |
Does not exist
|
|
| artful |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Not vulnerable
(4.4.0-1003.3)
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
linux-azure Launchpad, Ubuntu, Debian |
upstream |
Released
(4.10~rc4)
|
| bionic |
Not vulnerable
(4.15.0-1002.2)
|
|
| artful |
Does not exist
|
|
| cosmic |
Not vulnerable
(4.15.0-1009.9)
|
|
| trusty |
Not vulnerable
(4.15.0-1023.24~14.04.1)
|
|
| xenial |
Not vulnerable
(4.11.0-1009.9)
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
linux-gcp Launchpad, Ubuntu, Debian |
upstream |
Released
(4.10~rc4)
|
| bionic |
Not vulnerable
(4.15.0-1001.1)
|
|
| artful |
Does not exist
|
|
| cosmic |
Not vulnerable
(4.15.0-1006.6)
|
|
| trusty |
Does not exist
|
|
| xenial |
Not vulnerable
(4.10.0-1004.4)
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
linux-kvm Launchpad, Ubuntu, Debian |
upstream |
Released
(4.10~rc4)
|
| bionic |
Not vulnerable
(4.15.0-1002.2)
|
|
| artful |
Does not exist
|
|
| cosmic |
Not vulnerable
(4.15.0-1008.8)
|
|
| trusty |
Does not exist
|
|
| xenial |
Not vulnerable
(4.4.0-1004.9)
|
|
| zesty |
Does not exist
|
|
|
linux-euclid Launchpad, Ubuntu, Debian |
upstream |
Released
(4.10~rc4)
|
| bionic |
Does not exist
|
|
| artful |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Ignored
(was needed ESM criteria)
|
|
| zesty |
Does not exist
|
|
|
linux-oem Launchpad, Ubuntu, Debian |
upstream |
Released
(4.10~rc4)
|
| bionic |
Not vulnerable
(4.15.0-1002.3)
|
|
| artful |
Does not exist
|
|
| cosmic |
Not vulnerable
(4.15.0-1004.5)
|
|
| trusty |
Does not exist
|
|
| xenial |
Not vulnerable
(4.13.0-1008.9)
|
|
| zesty |
Does not exist
|
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
upstream |
Released
(4.10~rc4)
|
| bionic |
Not vulnerable
(4.18.0-1003.3~18.04.1)
|
|
| cosmic |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Not vulnerable
(4.15.0-1002.2)
|
|
|
linux-linaro-shared Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.10~rc4)
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
| precise |
Ignored
(end of life)
|
|
|
linux-qcm-msm Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.10~rc4)
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
| precise |
Ignored
(end of life)
|
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(4.10.0-1004.6)
|
| bionic |
Not vulnerable
(4.13.0-1005.5)
|
|
| cosmic |
Not vulnerable
(4.15.0-1010.11)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.10~rc4)
|
|
| xenial |
Released
(4.4.0-1044.51)
|
|
| yakkety |
Ignored
(end of life)
|
|
| zesty |
Not vulnerable
(4.10.0-1001.3)
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5549
- http://seclists.org/oss-sec/2017/q1/161
- https://ubuntu.com/security/notices/USN-3208-1
- https://ubuntu.com/security/notices/USN-3208-2
- https://ubuntu.com/security/notices/USN-3361-1
- https://ubuntu.com/security/notices/USN-3754-1
- NVD
- Launchpad
- Debian