PatchSiren cyber security CVE debrief
CVE-2017-5547 Linux CVE debrief
CVE-2017-5547 is a Linux kernel vulnerability in drivers/hid/hid-corsair.c that can let a local user trigger a denial of service, including system crash or memory corruption, and may have other unspecified impact. The issue is tied to incorrect interaction with CONFIG_VMAP_STACK and DMA scatterlists that span more than one virtual page. NVD rates the issue HIGH and identifies affected Linux kernel releases before the fixed versions referenced in the kernel changelog and patch commit.
- Vendor: Linux
- Product: CVE-2017-5547
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-06
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-06
- Advisory updated: 2026-05-13
Who should care
Linux kernel maintainers, distribution security teams, and operators running affected Linux kernel builds should care, especially systems that include the Corsair HID driver and may be built with CONFIG_VMAP_STACK. Because the attack vector is local and the privileges required are low, multi-user systems and hosts exposing untrusted local code execution paths deserve priority attention.
Technical summary
The vulnerability is in the Linux HID Corsair driver and is described as an incorrect interaction with CONFIG_VMAP_STACK. According to the NVD record, the affected kernel ranges are Linux 4.4 up to but not including 4.4.45, and 4.5 up to but not including 4.9.6. The flaw can be triggered by leveraging a DMA scatterlist that uses more than one virtual page, which can lead to memory corruption or a crash. NVD maps the weakness to CWE-119 and assigns the CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Defensive priority
High. The CVSS score is 7.8 and the flaw can affect confidentiality, integrity, and availability from a local attack path. Systems running affected kernel versions should be patched to the vendor-fixed releases referenced by the kernel changelog and commit.
Recommended defensive actions
- Upgrade Linux kernels to the fixed releases referenced by the kernel changelog, including 4.9.6 for the 4.9 line and 4.4.45 for the 4.4 line.
- Verify whether deployed kernels include the affected hid-corsair driver path and whether CONFIG_VMAP_STACK is enabled in the build.
- Prioritize patching on multi-user systems, developer workstations, and hosts where local code execution is possible.
- Track distribution advisories that map to the upstream kernel patch commit and release notes for backported fixes.
- Validate kernel versions against the NVD vulnerable CPE criteria before and after remediation.
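The version and build-configuration checks listed above can be scripted. The following is an added example, not code from the NVD record or the kernel project: it compares a kernel release string against the NVD ranges quoted in this debrief and reads the kernel config for CONFIG_VMAP_STACK and CONFIG_HID_CORSAIR (the Kconfig symbol that builds hid-corsair.c). The function names and the /boot/config-<release> path are assumptions of the example.

```shell
#!/bin/sh
# Added example: CVE-2017-5547 exposure triage. Constructed helper, not vendor tooling.

# "4.9.5-2-amd64" -> 4009005 (major*1000000 + minor*1000 + patch) for integer comparison.
ver_num() {
    v=${1%%[!0-9.]*}    # drop distribution suffix
    IFS=. read -r a b c rest <<EOF
$v
EOF
    echo $(( ${a:-0} * 1000000 + ${b:-0} * 1000 + ${c:-0} ))
}

# Succeeds when the upstream version is inside the NVD ranges quoted above:
# 4.4 <= v < 4.4.45, or 4.5 <= v < 4.9.6.
in_vulnerable_range() {
    n=$(ver_num "$1")
    { [ "$n" -ge 4004000 ] && [ "$n" -lt 4004045 ]; } ||
    { [ "$n" -ge 4005000 ] && [ "$n" -lt 4009006 ]; }
}

# Prints y, m or n for a CONFIG_ symbol, or "unknown" if the config file is unreadable.
config_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    s=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${s:-n}"
}

# One verdict line for a kernel release string and its config file.
triage() {
    vmap=$(config_state "$2" CONFIG_VMAP_STACK)
    drv=$(config_state "$2" CONFIG_HID_CORSAIR)   # Kconfig symbol that builds hid-corsair.c
    if ! in_vulnerable_range "$1"; then
        verdict="outside NVD range"
    elif [ "$vmap" = n ] || [ "$drv" = n ]; then
        verdict="in range, driver or VMAP_STACK not built"
    else
        verdict="in range, patch or confirm backport"
    fi
    echo "kernel=$1 vmap_stack=$vmap hid_corsair=$drv verdict=$verdict"
}

# Assumed config location (common on Debian/RHEL-style systems); adjust as needed.
triage "$(uname -r)" "/boot/config-$(uname -r)" || true
```

The comparison uses the upstream version number only. A distribution kernel can carry a backported fix while still reporting an in-range version, so an "in range" verdict should be confirmed against the distribution advisory.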
Evidence notes
This debrief is based only on the supplied NVD record and the linked upstream/vendor references. The CVE was published on 2017-02-06 and later modified on 2026-05-13 in the supplied metadata. The NVD record identifies the vulnerable component, impact, CVSS vector, CWE-119 mapping, and version ranges. The linked kernel commit, changelog, and oss-security post are cited as patch and release references.
Official resources
- CVE-2017-5547 CVE record (CVE.org)
- CVE-2017-5547 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Issue Tracking, Patch, Third Party Advisory
- Mitigation or vendor reference: [email protected] - Release Notes, Vendor Advisory
- Mitigation or vendor reference: [email protected] - Mailing List, Patch, Third Party Advisory
- Mitigation or vendor reference: [email protected] - Third Party Advisory, VDB Entry
- Mitigation or vendor reference: [email protected] - Issue Tracking, Patch
- Mitigation or vendor reference: [email protected] - Issue Tracking, Patch, Third Party Advisory
Publicly disclosed and published in the CVE/NVD record on 2017-02-06. This debrief uses the supplied publication and modification timestamps for timing context only.