CVE-2017-5547 : drivers/hid/hid-corsair.c in the Linux kernel 4.9.x before 4.9.6 interacts incor

drivers/hid/hid-corsair.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.

Published 2017-02-06 06:59:01

Updated 2023-02-10 00:54:27

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowMemory CorruptionDenial of service

Products affected by CVE-2017-5547

Linux » Linux Kernel
Versions from including (>=) 4.5 and before (<) 4.9.6
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.4 and before (<) 4.4.45
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2017-5547

EPSS FAQ

0.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 24 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-5547

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-5547

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-5547

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6d104af38b570d37aa32a5803b04c354f8ed513d

kernel/git/torvalds/linux.git - Linux kernel source tree
Issue Tracking;Patch;Third Party Advisory
https://github.com/torvalds/linux/commit/6d104af38b570d37aa32a5803b04c354f8ed513d

HID: corsair: fix DMA buffers on stack · torvalds/linux@6d104af · GitHub
Issue Tracking;Patch;Third Party Advisory
http://www.securityfocus.com/bid/95709

Linux Kernel CVE-2017-5547 Local Denial of Service Vulnerability
Third Party Advisory;VDB Entry
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.6

Release Notes;Vendor Advisory

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1416096

1416096 – (CVE-2017-5547) CVE-2017-5547 kernel: DMA buffers on stack
Issue Tracking;Patch
http://www.openwall.com/lists/oss-security/2017/01/21/3

oss-security - Re: CVE REQUEST: linux kernel: process with pgid zero able to crash kernel
Mailing List;Patch;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2017-5547

Products affected by CVE-2017-5547

Exploit prediction scoring system (EPSS) score for CVE-2017-5547

CVSS scores for CVE-2017-5547

CWE ids for CVE-2017-5547

References for CVE-2017-5547