CVE-2017-15102

MEDIUM Year: 2017
CVSS v3 Score
6.3
Medium
CVSS v2 Score
6.9
Medium
Weakness Type
CWE-476
View all →

Vulnerability Description

The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference.

Related Vulnerabilities

CVE-2019-3840

MEDIUM
CVSS:6.3(Medium)

A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash lib...

CWE-4762019

CVE-2021-47267

MEDIUM
CVSS:6.3(Medium)

In the Linux kernel, the following vulnerability has been resolved: usb: fix various gadget panics on 10gbps cabling usb_assign_descriptors() is called with 5 parameters, the last 4 of which are the u...

CWE-4762021

CVE-2022-2980

MEDIUM
CVSS:6.3(Medium)

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259.

CWE-4762022

CVE-2016-7609

MEDIUM
CVSS:6.2(Medium)

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "AppleGraphicsPowerManagement" component. It allows local users to cause a denial of service...

CWE-4762016

CVE-2017-6899

MEDIUM
CVSS:6.2(Medium)

The msm_bus_dbg_update_request_write function in drivers/platform/msm/msm_bus/msm_bus_dbg.c in android_kernel_huawei_msm8916 through 2017-06-16 in LineageOS, and possibly other kernels for MSM devices...

CWE-4762017

CVE-2020-29571

MEDIUM
CVSS:6.2(Medium)

An issue was discovered in Xen through 4.14.x. A bounds check common to most operation time functions specific to FIFO event channels depends on the CPU observing consistent state. While the producer ...

CWE-4762020