Vulnerability Details : CVE-2017-8068
drivers/net/usb/pegasus.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
Vulnerability category: OverflowMemory CorruptionDenial of service
Products affected by CVE-2017-8068
- cpe:2.3:o:linux:linux_kernel:4.9.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.9:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.9.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.9.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.9.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.9.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.9.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.9.8:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.9.9:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.9.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-8068
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-8068
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2017-8068
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-8068
-
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11
Release Notes;Vendor Advisory
-
http://www.securityfocus.com/bid/98008
RETIRED: Linux Kernel 'drivers/net/usb/rtl8150.c' Local Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
http://www.openwall.com/lists/oss-security/2017/04/16/4
oss-security - Silently (or obliviously) partially-fixed CONFIG_STRICT_DEVMEM bypassMailing List;Patch;Third Party Advisory
-
http://www.securityfocus.com/bid/98000
Linux Kernel 'drivers/net/usb/pegasus.c' Local Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
https://github.com/torvalds/linux/commit/5593523f968bc86d42a035c6df47d5e0979b5ace
pegasus: Use heap buffers for all register access · torvalds/linux@5593523 · GitHubPatch
-
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5593523f968bc86d42a035c6df47d5e0979b5ace
kernel/git/torvalds/linux.git - Linux kernel source treePatch
Jump to