| Vulnerability Name: | CVE-2017-8069 (CCN-125358) | ||||||||||||||||||||
| Assigned: | 2017-04-16 | ||||||||||||||||||||
| Published: | 2017-04-16 | ||||||||||||||||||||
| Updated: | 2017-04-27 | ||||||||||||||||||||
| Summary: | drivers/net/usb/rtl8150.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. | ||||||||||||||||||||
| CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||||||||||
| Vulnerability Type: | CWE-119 | ||||||||||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2017-8069 Source: CONFIRM Type: Release Notes http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11 Source: CCN Type: oss-sec Mailing List, Sun, 16 Apr 2017 16:25:38 -0400 Silently (or obliviously) partially-fixed CONFIG_STRICT_DEVMEM bypass Source: MLIST Type: Mailing List, Patch [oss-security] 20170416 Silently (or obliviously) partially-fixed CONFIG_STRICT_DEVMEM bypass Source: XF Type: UNKNOWN linux-kernel-cve20178069-dos(125358) Source: CCN Type: Linux Kernel GIT Repository rtl8150: Use heap buffers for all register access Source: CONFIRM Type: Patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7926aff5c57b577ab0f43364ff0c59d968f6a414 Source: CONFIRM Type: Patch https://github.com/torvalds/linux/commit/7926aff5c57b577ab0f43364ff0c59d968f6a414 Source: CCN Type: WhiteSource Vulnerability Database CVE-2017-8069 | ||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
| BACK | |||||||||||||||||||||