| Name | CVE-2017-17975 |
| Description | Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-4188-1 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| linux (PTS) | bullseye | 5.10.223-1 | fixed |
| bullseye (security) | 5.10.234-1 | fixed | |
| bookworm | 6.1.129-1 | fixed | |
| bookworm (security) | 6.1.128-1 | fixed | |
| trixie | 6.12.20-1 | fixed | |
| sid | 6.12.21-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| linux | source | wheezy | (not affected) | |||
| linux | source | jessie | (not affected) | |||
| linux | source | stretch | 4.9.88-1 | DSA-4188-1 | ||
| linux | source | (unstable) | 4.15.17-1 |
[jessie] - linux <not-affected> (Vulnerable code path not present)
[wheezy] - linux <not-affected> (Vulnerable code path not present)