Upstream information

CVE-2017-5549 at MITRE

Description

The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log.

SUSE information

CVSS v2 Scores

                        National Vulnerability Database   SUSE
Base Score              2.11                              1.17
Vector                  AV:L/AC:L/Au:N/C:P/I:N/A:N        AV:L/AC:H/Au:N/C:P/I:N/A:N
Access Vector           Local                             Local
Access Complexity       Low                               High
Authentication          None                              None
Confidentiality Impact  Partial                           Partial
Integrity Impact        None                              None
Availability Impact     None                              None

CVSS v3 Scores

                        National Vulnerability Database
Base Score              5.5
Vector                  AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Access Vector           Local
Access Complexity       Low
Privileges Required     Low
User Interaction        None
Scope                   Unchanged
Confidentiality Impact  High
Integrity Impact        None
Availability Impact     None

SUSE Bugzilla entry: 1021256 [RESOLVED / ]

No SUSE Security Announcements cross referenced.