### [CVE-2017-16914](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16914)
![](https://img.shields.io/static/v1?label=Product&message=Linux%20Kernel&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=Before%20version%204.14.8%2C%204.9.71%2C%204.1.49%2C%20and%204.4.107%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Denial%20of%20service%20(NULL%20pointer%20dereference)&color=brightgreen)

### Description

The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet.

### POC

#### Reference
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.49

#### Github
No PoCs found on GitHub currently.