Bugzilla – Bug 1035670
VUL-0: CVE-2017-8067: kernel-source: drivers/char/virtio_console.c in the Linux kernel 4.9.x and 4.10.x before4.10.12 interacts incorrec...
Last modified: 2017-04-28 22:40:03 UTC
drivers/char/virtio_console.c in the Linux kernel 4.9.x and 4.10.x before
4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows
local users to cause a denial of service (system crash or memory corruption) or
possibly have unspecified other impact by leveraging use of more than one
virtual page for a DMA scatterlist.
2.6.24 introduced this driver. supported in SLE
CONFIG_VMAP_STACK is new in 4.9, and it's already fixed in 4.10.12, thus TW is OK.
We are unaffected.
Reassigned back to security team. Feel free to close.
fixed upstream, no current SUSE or openSUSE affected