CVE-2017-18360: Divide by Zero
First published: Thu Jan 31 2019(Updated: )
In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.13-1 | |
| Linux kernel | <4.11.3 | |
| Ubuntu Linux | =12.04 | |
| Ubuntu Linux | =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6aeb75e6adfaed16e58780309613a578fe1ee90b
- http://www.securityfocus.com/bid/106802
- https://bugzilla.suse.com/show_bug.cgi?id=1123706
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.3
- https://github.com/torvalds/linux/commit/6aeb75e6adfaed16e58780309613a578fe1ee90b
- https://usn.ubuntu.com/3933-1/
- https://usn.ubuntu.com/3933-2/
- https://launchpad.net/bugs/cve/CVE-2017-18360
- https://git.kernel.org/linus/6aeb75e6adfaed16e58780309613a578fe1ee90b
- https://security-tracker.debian.org/tracker/CVE-2017-18360
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18360
- https://nvd.nist.gov/vuln/detail/CVE-2017-18360
- https://ubuntu.com/security/CVE-2017-18360
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2017-18360.
What is the description of the vulnerability?
The vulnerability allows local users to cause a denial of service by division-by-zero in the serial device layer.
What is the affected software?
The Linux kernel versions before 4.11.3 are affected.
How can the vulnerability be fixed?
Upgrade to Linux kernel version 4.11.3 or later.
Where can I find more information about the vulnerability?
You can find more information about the vulnerability at the provided references.
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- agent/first-publish-date
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/trending
- agent/last-modified-date
- agent/source
- agent/tags
- agent/event
- agent/author
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/debian
- vendor/linux
- canonical/linux kernel
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/12.04
- version/ubuntu/14.04