PatchSiren

CVE-2017-5546 Linux CVE debrief

CVE-2017-5546 is a Linux kernel flaw in the slab allocator’s freelist-randomization logic. NVD describes it as allowing a local user to trigger duplicate freelist entries and a system crash, with the possibility of other unspecified impact in some circumstances. The issue is fixed in Linux 4.9.5, and NVD rates it High severity with a local, low-privilege attack path.

Vendor: Linux
Product: CVE-2017-5546
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-06
Original CVE updated: 2026-05-13
Advisory published: 2017-02-06
Advisory updated: 2026-05-13

Who should care

Linux kernel maintainers, distro security teams, and operators of systems running affected kernel versions should care, especially where untrusted local users, containers, or multi-tenant workloads exist.

Technical summary

The vulnerability is in mm/slab.c and involves freelist randomization. According to the NVD record, the affected range includes Linux kernel versions starting at 4.7 and ending before 4.9.5, while the description specifically calls out 4.8.x and 4.9.x before 4.9.5. The NVD CVSS 3.1 vector is AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating a local attack requiring low privileges and potentially high impact if the flaw is reached. The provided references include the upstream kernel commit and the 4.9.5 changelog that document the fix.

Defensive priority

High for any environment running an affected Linux kernel, especially systems where local users can obtain shell access or where privilege boundaries matter.

Recommended defensive actions

  • Upgrade Linux kernels to 4.9.5 or later, or to a vendor-supported build that includes the fix.
  • Confirm whether any deployed kernels fall within the affected NVD range (4.7 up to, but not including, 4.9.5).
  • Prioritize patching on multi-user servers, shared hosting, CI systems, and container hosts where local privilege boundaries are meaningful.
  • If immediate patching is not possible, reduce exposure to untrusted local code execution and limit local account access where operationally feasible.
  • Track vendor advisories and downstream backports to verify the fix is present in distribution kernels.
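
One way to run the version-range check from the list above, as an added example that is not part of the original advisory. The function names and sample inputs are assumptions; pre-release suffixes such as -rc are ignored, and a version-string match on a distribution kernel only means the vendor advisory still has to be checked for a backported fix.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a kernel release string
# against the NVD range quoted on this page, 4.7 <= version < 4.9.5.
# Function names and sample inputs are constructed for illustration.

# Print "major minor patch" for e.g. "4.8.0-22-generic"; fail if unparseable.
# Runs in a subshell so the IFS change does not leak to the caller.
parse_release() (
    base=${1%%[-+_~]*}                  # drop distro/build suffix
    case $base in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $base                        # split on dots
    [ $# -ge 2 ] || exit 1
    echo "$1 $2 ${3:-0}"                # missing patch level counts as 0
)

# Succeed if version "$1 $2 $3" is strictly lower than "$4 $5 $6".
version_lt() {
    [ "$1" -ne "$4" ] && { [ "$1" -lt "$4" ]; return; }
    [ "$2" -ne "$5" ] && { [ "$2" -lt "$5" ]; return; }
    [ "$3" -lt "$6" ]
}

# Print in-range, not-in-range, or unknown for a release string.
cve_2017_5546_range() {
    ver=$(parse_release "$1") || { echo unknown; return 0; }
    if version_lt $ver 4 7 0; then
        echo not-in-range               # older than 4.7
    elif version_lt $ver 4 9 5; then
        echo in-range                   # 4.7 <= version < 4.9.5
    else
        echo not-in-range               # 4.9.5 or later
    fi
}

# Check the running kernel, or a release string given as the first argument.
release=${1:-$(uname -r)}
echo "$release: $(cve_2017_5546_range "$release")"
```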

Evidence notes

The NVD record provides the affected version criteria (Linux kernel 4.7 up to, but not including, 4.9.5), the CVSS 3.1 vector, and the CWE-noinfo classification. The CVE description states the bug is in mm/slab.c and can cause duplicate freelist entries, a system crash, or possibly other impact. The upstream Linux commit and the Linux 4.9.5 changelog are included in the official references as patch/release-note evidence.

Official resources

Publicly disclosed and published in the CVE record on 2017-02-06. The official references show the fix in the upstream Linux commit and the Linux 4.9.5 changelog. This CVE is not listed as a KEV item in the supplied data.