Lucene search

MitreCVE-2017-8066

HistoryApr 23, 2017 - 5:59 a.m.

CVE-2017-8066

2017-04-2305:59:00

CWE-119

mitre

web.nvd.nist.gov

cve-2017-8066

linux kernel

denial of service

nvd

vulnerability

memory corruption

dma scatterlist

system crash

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

5.1%

JSON

drivers/net/can/usb/gs_usb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.2 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.

Affected configurations

Nvd

Node

linuxlinux_kernelMatch4.9

linuxlinux_kernelMatch4.9.1

linuxlinux_kernelMatch4.9.2

linuxlinux_kernelMatch4.9.3

linuxlinux_kernelMatch4.9.4

linuxlinux_kernelMatch4.9.5

linuxlinux_kernelMatch4.9.6

linuxlinux_kernelMatch4.9.8

linuxlinux_kernelMatch4.9.9

linuxlinux_kernelMatch4.9.10

linuxlinux_kernelMatch4.9.11

linuxlinux_kernelMatch4.9.12

linuxlinux_kernelMatch4.9.13

linuxlinux_kernelMatch4.9.14

linuxlinux_kernelMatch4.9.15

linuxlinux_kernelMatch4.9.16

linuxlinux_kernelMatch4.9.17

linuxlinux_kernelMatch4.9.18

linuxlinux_kernelMatch4.9.19

linuxlinux_kernelMatch4.10

linuxlinux_kernelMatch4.10.1

VendorProductVersionCPE
linuxlinux_kernel4.9cpe:2.3:o:linux:linux_kernel:4.9:*:*:*:*:*:*:*
linuxlinux_kernel4.9.1cpe:2.3:o:linux:linux_kernel:4.9.1:*:*:*:*:*:*:*
linuxlinux_kernel4.9.2cpe:2.3:o:linux:linux_kernel:4.9.2:*:*:*:*:*:*:*
linuxlinux_kernel4.9.3cpe:2.3:o:linux:linux_kernel:4.9.3:*:*:*:*:*:*:*
linuxlinux_kernel4.9.4cpe:2.3:o:linux:linux_kernel:4.9.4:*:*:*:*:*:*:*
linuxlinux_kernel4.9.5cpe:2.3:o:linux:linux_kernel:4.9.5:*:*:*:*:*:*:*
linuxlinux_kernel4.9.6cpe:2.3:o:linux:linux_kernel:4.9.6:*:*:*:*:*:*:*
linuxlinux_kernel4.9.8cpe:2.3:o:linux:linux_kernel:4.9.8:*:*:*:*:*:*:*
linuxlinux_kernel4.9.9cpe:2.3:o:linux:linux_kernel:4.9.9:*:*:*:*:*:*:*
linuxlinux_kernel4.9.10cpe:2.3:o:linux:linux_kernel:4.9.10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	4.9	cpe:2.3:o:linux:linux_kernel:4.9:::::::*
linux	linux_kernel	4.9.1	cpe:2.3:o:linux:linux_kernel:4.9.1:::::::*
linux	linux_kernel	4.9.2	cpe:2.3:o:linux:linux_kernel:4.9.2:::::::*
linux	linux_kernel	4.9.3	cpe:2.3:o:linux:linux_kernel:4.9.3:::::::*
linux	linux_kernel	4.9.4	cpe:2.3:o:linux:linux_kernel:4.9.4:::::::*
linux	linux_kernel	4.9.5	cpe:2.3:o:linux:linux_kernel:4.9.5:::::::*
linux	linux_kernel	4.9.6	cpe:2.3:o:linux:linux_kernel:4.9.6:::::::*
linux	linux_kernel	4.9.8	cpe:2.3:o:linux:linux_kernel:4.9.8:::::::*
linux	linux_kernel	4.9.9	cpe:2.3:o:linux:linux_kernel:4.9.9:::::::*
linux	linux_kernel	4.9.10	cpe:2.3:o:linux:linux_kernel:4.9.10:::::::*

Rows per page:

1-10 of 211

References

www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.2

www.openwall.com/lists/oss-security/2017/04/16/4

www.securityfocus.com/bid/97992

git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c919a3069c775c1c876bec55e00b2305d5125caa

github.com/torvalds/linux/commit/c919a3069c775c1c876bec55e00b2305d5125caa

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2017-8066