Medium severity6.6NVD Advisory· Published Dec 12, 2017· Updated May 13, 2026

CVE-2017-17558

Description

The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.

Affected products

Linux/Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Range: <=4.14.5
SUSE S.A./Linux Enterprise Server2 versions
cpe:2.3:o:suse:linux_enterprise_server:11:extra:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_server:11:extra:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.spinics.net/lists/linux-usb/msg163644.htmlnvdIssue TrackingPatch
lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.htmlnvdThird Party Advisory
openwall.com/lists/oss-security/2017/12/12/7nvdMailing ListThird Party Advisory
www.debian.org/security/2017/dsa-4073nvdThird Party Advisory
access.redhat.com/errata/RHSA-2018:0676nvd
access.redhat.com/errata/RHSA-2018:1062nvd
access.redhat.com/errata/RHSA-2019:1170nvd
access.redhat.com/errata/RHSA-2019:1190nvd
lists.debian.org/debian-lts-announce/2018/01/msg00004.htmlnvd
usn.ubuntu.com/3619-1/nvd
usn.ubuntu.com/3619-2/nvd
usn.ubuntu.com/3754-1/nvd
www.debian.org/security/2018/dsa-4082nvd
www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.429
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000