Back to search
CVE-2017-1000363
Published: Jul 13, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
98651
vdb-entry
x_refsource_BID
https://alephsecurity.com/vulns/aleph-2017023
x_refsource_MISC
DSA-3945
vendor-advisory
x_refsource_DEBIAN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now