VYPR
Medium severity · 6.6 · NVD Advisory · Published Nov 7, 2017 · Updated May 13, 2026

CVE-2017-16644

Description

The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A flaw in the Linux kernel's hdpvr driver allows local users to cause a denial of service via a crafted USB device.

Vulnerability

The vulnerability resides in the hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c of the Linux kernel through version 4.13.11. When a crafted USB device is inserted, improper error handling in the probe function leads to a lockdep warning and subsequent system crash [2]. The code path is triggered during USB device enumeration when the driver attempts to register a non-static key without proper lockdep annotation.

Exploitation

An attacker with physical access or the ability to insert a malicious USB device can trigger the vulnerability. No authentication is required; the device is automatically probed by the kernel when connected. The syzkaller fuzzer reproduced the issue by emulating a malicious USB device that causes the hdpvr_probe function to call flush_work on an uninitialized workqueue, resulting in a kernel crash [2].
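
The error-path problem described above (a probe failure reaching a teardown that flushes work which was never initialized), as an added userspace model. It is not kernel or hdpvr driver code and not the upstream patch; `struct dev`, `probe_buggy`, `probe_fixed` and `flush_work_model` are hypothetical names, and the "fixed" ordering is one general way to avoid the pattern, assumed here for illustration.

```c
/* Userspace model, constructed for illustration; not kernel or hdpvr source. */
#include <stdbool.h>
#include <stdio.h>

struct work { bool initialized; };   /* stand-in for struct work_struct */
struct dev  { struct work worker; int splats; };

/* Stand-in for flush_work(): count a flush of a never-initialized work item
 * (the condition the advisory ties to the lockdep warning). */
static void flush_work_model(struct dev *d) { if (!d->worker.initialized) d->splats++; }

/* Shared teardown used by every probe error path. */
static void dev_delete(struct dev *d) { flush_work_model(d); }

/* Buggy ordering: a check that a crafted device can fail runs before the
 * work item is set up, but the error path still runs the full teardown. */
int probe_buggy(struct dev *d, bool device_ok)
{
    *d = (struct dev){0};
    if (!device_ok)
        goto error;                  /* worker not initialized yet */
    d->worker.initialized = true;
    return 0;
error:
    dev_delete(d);                   /* flushes an uninitialized work item */
    return -1;
}

/* Safer ordering: set up everything the teardown touches first. */
int probe_fixed(struct dev *d, bool device_ok)
{
    *d = (struct dev){0};
    d->worker.initialized = true;
    if (!device_ok)
        goto error;
    return 0;
error:
    dev_delete(d);                   /* teardown now sees valid state */
    return -1;
}

int main(void)
{
    struct dev a, b;
    probe_buggy(&a, false);          /* constructed input: device fails probe */
    probe_fixed(&b, false);
    printf("buggy splats=%d, fixed splats=%d\n", a.splats, b.splats);
    return 0;
}
```

When reviewing probe functions for this class of bug, check that every object touched by a shared teardown routine is initialized before the first `goto` that can reach it.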

Impact

Successful exploitation results in a denial of service (system crash). The crash is caused by a lockdep warning that halts the system. The CVE description also mentions the possibility of "unspecified other impact," but no further details are provided in the available references.

Mitigation

The issue was addressed in a kernel patch submitted to the linux-media mailing list [3]. Users should update to a Linux kernel version containing the fix. If a patched kernel is not available, the risk can be mitigated by restricting physical access to USB ports and not allowing untrusted USB devices.

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

95

References

5