Bug 1035670 - (CVE-2017-8067) VUL-0: CVE-2017-8067: kernel-source: drivers/char/virtio_console.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrec...
Status: RESOLVED UPSTREAM
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/184098/
CVSSv2:SUSE:CVE-2017-8067:3.3:(AV:L/A...
Reported: 2017-04-24 09:47 UTC by Marcus Meissner
Modified: 2017-04-28 22:40 UTC
Found By: Security Response Team
Description Marcus Meissner 2017-04-24 09:47:02 UTC
CVE-2017-8067

drivers/char/virtio_console.c in the Linux kernel 4.9.x and 4.10.x before
4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows
local users to cause a denial of service (system crash or memory corruption) or
possibly have unspecified other impact by leveraging use of more than one
virtual page for a DMA scatterlist.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8067
https://github.com/torvalds/linux/commit/c4baad50297d84bde1a7ad45e50c73adae4a2192
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c4baad50297d84bde1a7ad45e50c73adae4a2192
Comment 1 Marcus Meissner 2017-04-24 09:50:25 UTC
2.6.24 introduced this driver. Supported in SLE.
Comment 2 Takashi Iwai 2017-04-24 14:10:12 UTC
CONFIG_VMAP_STACK is new in 4.9, and it's already fixed in 4.10.12, thus TW is OK.
We are unaffected.
Comment 3 Takashi Iwai 2017-04-28 09:13:31 UTC
Reassigned back to security team.  Feel free to close.
Comment 4 Marcus Meissner 2017-04-28 11:25:35 UTC
Fixed upstream, no current SUSE or openSUSE affected.
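
The triage reasoning in this report (the affected version range from the CVE text, plus the CONFIG_VMAP_STACK condition from comment 2) can be expressed as a check to run against a kernel version and its config file. This is an added example, not part of the bug report; the function names and the /boot/config path are assumptions.

```shell
#!/bin/sh
# Added example (not from the bug report): triage a kernel for CVE-2017-8067
# using only the conditions stated on this page. Function names are made up here.

# Succeeds if VERSION is 4.9.x, or 4.10.x below 4.10.12 (the range in the CVE text).
version_in_range() {
    ver=${1%%-*}                      # "4.10.11-1-default" -> "4.10.11"
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    minor=${minor%%[!0-9]*}
    patch=0
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%[!0-9]*} ;;   # "11+" -> "11"
    esac
    case "$major.$minor" in
        4.9)  return 0 ;;
        4.10) if [ "${patch:-0}" -lt 12 ]; then return 0; fi ;;
    esac
    return 1
}

# Succeeds if OPTION is set to y or m in the plain-text kernel config FILE.
config_has() {
    grep -Eq "^$2=[ym]\$" "$1"
}

# Prints one verdict line for kernel VERSION and its config FILE.
triage() {
    if ! version_in_range "$1"; then
        echo "unaffected: $1 is outside 4.9.x / 4.10.x before 4.10.12"
    elif [ ! -r "$2" ]; then
        echo "unknown: version in range, but config $2 is not readable"
    elif ! config_has "$2" CONFIG_VMAP_STACK; then
        echo "unaffected: CONFIG_VMAP_STACK is not enabled"
    elif ! config_has "$2" CONFIG_VIRTIO_CONSOLE; then
        echo "unaffected: the virtio_console driver is not built"
    else
        echo "affected: needs 4.10.12 or later, or commit c4baad50297d backported"
    fi
}

# Running kernel; the /boot/config-<release> location is an assumption.
triage "$(uname -r)" "/boot/config-$(uname -r)"
```

A distribution kernel can carry the fix as a backport without changing its base version, so an "affected" verdict here is a prompt to check the vendor's advisory rather than a final answer.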