Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatcveRedhat.comRH:CVE-2017-13166
HistoryApr 09, 2020 - 6:58 a.m.

CVE-2017-13166

2020-04-0906:58:20
redhat.com
access.redhat.com
17

EPSS

0.001

Percentile

26.7%

JSON

A bug in the 32-bit compatibility layer of the ioctl handling code of the v4l2 video driver in the Linux kernel has been found. A memory protection mechanism ensuring that user-provided buffers always point to a userspace memory were disabled, allowing destination address to be in a kernel space. This flaw could be exploited by an attacker to overwrite a kernel memory from an unprivileged userspace process, leading to privilege escalation.

Mitigation

A systemtap script intercepting v4l2_compat_ioctl32() function of the [videodev] module and making it to return -ENOIOCTLCMD error value would work just fine, except breaking all 32bit video capturing software, but not 64bit ones.

Alternatively, blacklisting [videodev] module will work too, but it will break all video capturing software.

Related

prion 1
f5 1
debiancve 1
veracode 1
cvelist 1
cve 1
nvd 1
ubuntucve 1
openvas 72
suse 45
nessus 71
osv 1
debian 1
oraclelinux 1
prion
prion
Privilege escalation
2017-12-06 14:29:00
f5
f5
K02825271 : Linux kernel vulnerability CVE-2017-13166
2021-01-11 00:00:00
debiancve
debiancve
CVE-2017-13166
2017-12-06 14:29:01
veracode
veracode
Privilege Escalation
2019-05-16 02:23:11
cvelist
cvelist
CVE-2017-13166
2017-12-06 14:00:00
cve
cve
CVE-2017-13166
2017-12-06 14:29:01
nvd
nvd
CVE-2017-13166
2017-12-06 14:29:01
ubuntucve
ubuntucve
CVE-2017-13166
2017-12-06 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2018:1517-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:1535-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:1532-1)
2021-04-19 00:00:00
suse
suse
Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP3) (important)
2018-04-20 15:16:43
Security update for the Linux Kernel (Live Patch 31 for SLE 12) (important)
2018-04-20 15:33:13
Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP2) (important)
2018-04-20 15:21:00
nessus
nessus
SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1026-1)
2018-04-23 00:00:00
SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1540-1)
2018-06-06 00:00:00
SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1541-1)
2018-06-06 00:00:00
osv
osv
linux - security update
2018-02-22 00:00:00
debian
debian
[SECURITY] [DSA 4120-1] linux security update
2018-02-22 15:58:05
oraclelinux
oraclelinux
kernel security and bug fix update
2018-05-08 00:00:00

EPSS

0.001

Percentile

26.7%

JSON
Related for RH:CVE-2017-13166
prion1f51debiancve1veracode1cvelist1cve1nvd1ubuntucve1openvas72suse45nessus71osv1debian1oraclelinux1