CVE-2017-6899

The msm_bus_dbg_update_request_write function in drivers/platform/msm/msm_bus/msm_bus_dbg.c in android_kernel_huawei_msm8916 through 2017-06-16 in LineageOS, and possibly other kernels for MSM devices, allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted /sys/kernel/debug/msm-bus-dbg/client-data/update-request write request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.2 MEDIUM
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
Affected Products (NVD)
VendorProductVersion
lineageoslineageos
𝑥
≤ 2017-06-16
𝑥
= Vulnerable software versions
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libraw-devel
suse enterprise desktop 15
0.18.9-1.9
fixed
suse enterprise desktop 15 SP1
0.18.9-3.8.1
fixed
suse enterprise desktop 15 SP2
0.18.9-3.8.1
fixed
suse enterprise desktop 15 SP3
0.18.9-3.11.1
fixed
suse enterprise desktop 15 SP4
0.20.2-150400.1.36
fixed
suse enterprise sap 15
0.18.9-1.9
fixed
suse enterprise sap 15 SP1
0.18.9-3.8.1
fixed
suse enterprise sap 15 SP2
0.18.9-3.8.1
fixed
suse enterprise sap 15 SP3
0.18.9-3.11.1
fixed
suse enterprise sap 15 SP4
0.20.2-150400.1.36
fixed
suse enterprise server 15
0.18.9-1.9
fixed
suse enterprise server 15 SP1
0.18.9-3.8.1
fixed
suse enterprise server 15 SP2
0.18.9-3.8.1
fixed
suse enterprise server 15 SP3
0.18.9-3.11.1
fixed
suse enterprise server 15 SP4
0.20.2-150400.1.36
fixed
suse enterprise workstation 15
0.18.9-1.9
fixed
suse enterprise workstation 15 SP1
0.18.9-3.8.1
fixed
suse enterprise workstation 15 SP2
0.18.9-3.8.1
fixed
suse enterprise workstation 15 SP3
0.18.9-3.11.1
fixed
suse enterprise workstation 15 SP4
0.20.2-150400.1.36
fixed
libraw16
suse enterprise desktop 15
0.18.9-1.9
fixed
suse enterprise desktop 15 SP1
0.18.9-3.8.1
fixed
suse enterprise desktop 15 SP2
0.18.9-3.8.1
fixed
suse enterprise desktop 15 SP3
0.18.9-3.11.1
fixed
suse enterprise desktop 15 SP4
0.18.9-3.14.1
fixed
suse enterprise sap 15
0.18.9-1.9
fixed
suse enterprise sap 15 SP1
0.18.9-3.8.1
fixed
suse enterprise sap 15 SP2
0.18.9-3.8.1
fixed
suse enterprise sap 15 SP3
0.18.9-3.11.1
fixed
suse enterprise sap 15 SP4
0.18.9-3.14.1
fixed
suse enterprise server 15
0.18.9-1.9
fixed
suse enterprise server 15 SP1
0.18.9-3.8.1
fixed
suse enterprise server 15 SP2
0.18.9-3.8.1
fixed
suse enterprise server 15 SP3
0.18.9-3.11.1
fixed
suse enterprise server 15 SP4
0.18.9-3.14.1
fixed
suse enterprise workstation 15
0.18.9-1.9
fixed
suse enterprise workstation 15 SP1
0.18.9-3.8.1
fixed
suse enterprise workstation 15 SP2
0.18.9-3.8.1
fixed
suse enterprise workstation 15 SP3
0.18.9-3.11.1
fixed
suse enterprise workstation 15 SP4
0.18.9-3.14.1
fixed
Common Weakness Enumeration
References
http://blog.secret-team.cn/index.php/archives/5/
http://www.securityfocus.com/bid/99107
http://blog.secret-team.cn/index.php/archives/5/
http://www.securityfocus.com/bid/99107