CVE-2017-8070

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.9.11

Description The issue is caused by a buffer overflow in the Linux kernel's drivers/net/usb/catc.c driver. It allows a local attacker to cause a denial of service, such as a system crash or memory corruption, by interacting incorrectly with the CONFIG VMAP STACK parameter and using more than one virtual page for a DMA scatterlist.

Recommendations For Linux kernel versions prior to 4.9.11, update to version 4.9.11 or later to resolve the issue. As a temporary workaround, consider restricting the use of the CONFIG VMAP STACK option to minimize the risk of exploitation.