CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
26.7%
The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report.
Vendor | Product | Version | CPE |
---|---|---|---|
linux | linux_kernel | 4.0 | cpe:2.3:o:linux:linux_kernel:4.0:*:*:*:*:*:*:* |
linux | linux_kernel | 4.0.0 | cpe:2.3:o:linux:linux_kernel:4.0.0:*:*:*:*:*:*:* |
linux | linux_kernel | 4.0.2 | cpe:2.3:o:linux:linux_kernel:4.0.2:*:*:*:*:*:*:* |
linux | linux_kernel | 4.0.3 | cpe:2.3:o:linux:linux_kernel:4.0.3:*:*:*:*:*:*:* |
linux | linux_kernel | 4.0.4 | cpe:2.3:o:linux:linux_kernel:4.0.4:*:*:*:*:*:*:* |
linux | linux_kernel | 4.0.5 | cpe:2.3:o:linux:linux_kernel:4.0.5:*:*:*:*:*:*:* |
linux | linux_kernel | 4.0.6 | cpe:2.3:o:linux:linux_kernel:4.0.6:*:*:*:*:*:*:* |
linux | linux_kernel | 4.0.7 | cpe:2.3:o:linux:linux_kernel:4.0.7:*:*:*:*:*:*:* |
linux | linux_kernel | 4.0.8 | cpe:2.3:o:linux:linux_kernel:4.0.8:*:*:*:*:*:*:* |
linux | linux_kernel | 4.0.9 | cpe:2.3:o:linux:linux_kernel:4.0.9:*:*:*:*:*:*:* |
git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1ebb71143758f45dc0fa76e2f48429e13b16d110
git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4faec4a2ef5dd481682cc155cb9ea14ba2534b76
www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.4
www.securityfocus.com/bid/97190
github.com/torvalds/linux/commit/1ebb71143758f45dc0fa76e2f48429e13b16d110
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
26.7%