VYPR
← All advisories
High severity7.8NVD Advisory· Published Jul 17, 2017· Updated May 13, 2026

CVE-2017-1000363

CVE-2017-1000363

Description

Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Linux kernel lp.c missing bounds check in "lp=none" parsing allows out-of-bounds write via many kernel command-line arguments, potentially leading to privilege escalation.

Vulnerability

The Linux kernel's drivers/char/lp.c contains an out-of-bounds write vulnerability in the lp_setup() function. The static integer parport_ptr is not bounded when handling "lp=none" arguments from the kernel command line, allowing an attacker to overflow the parport_nr[] array if more than LP_NO such arguments are supplied. The bug exists in Linux kernels up to and including 4.12-rc1, affecting all versions from 2.2.x through 4.12-rc1 [1].

Exploitation

An adversary must be able to control or influence the kernel command line, which can occur in Secure Boot environments due to bootloader vulnerabilities (e.g., CVE-2016-10277 on Google Nexus 6). By appending many (>LP_NO) "lp=none" arguments, the attacker triggers the out-of-bounds write when parport_ptr exceeds the array size. No additional authentication or user interaction is required beyond kernel command line control [1].

Impact

Successful exploitation results in an out-of-bounds write to kernel memory. While the advisory [1] does not detail a specific exploit primitive, arbitrary writes to kernel memory can lead to denial of service, information disclosure, or privilege escalation, depending on the overwritten data structure. The vulnerability is rated CVSS v3 7.8 (High) and can compromise system integrity and confidentiality.

Mitigation

The patch has been committed to the mainline kernel tree and is included in Linux 4.12-rc2. Stable releases 3.18, 4.4, 4.9, and 4.11 also contain the fix. Users should update to a patched kernel version. No workaround exists without applying the patch [1].

References
  1. CVE-2017-1000363

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

68

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.