Bugzilla – Bug 1035658
VUL-0: CVE-2017-8070: kernel-source: drivers/net/usb/catc.c in the Linux kernel 4.9.x before 4.9.11 interactsincorrectly with the CONFIG...
Last modified: 2017-04-28 14:43:20 UTC
drivers/net/usb/catc.c in the Linux kernel 4.9.x before 4.9.11 interacts
incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause
a denial of service (system crash or memory corruption) or possibly have
unspecified other impact by leveraging use of more than one virtual page for a
(all kernels affected. catc driver is supported in SLE)
CONFIG_VMAP_STACK is only available since v4.9-rc1. As the fix is in v4.10-rc8
and TW is already on 4.10.x, it seems that none of our kernels needs fixing.
Reassigned back to security team. Feel free to close.
fixed upstream, no current SUSE or openSUSE affected