PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-5548 Linux CVE debrief

CVE-2017-5548 is a Linux kernel vulnerability in the atusb IEEE 802.15.4 USB driver, drivers/net/ieee802154/atusb.c, affecting the 4.9.x series before 4.9.6. According to the NVD record, the probe path (atusb_probe) interacts incorrectly with the CONFIG_VMAP_STACK option: buffers used for USB control transfers lived on the kernel stack, and with a vmap'd stack a buffer spanning more than one virtual page yields a DMA scatterlist whose pages need not be physically contiguous. A local user can trigger a denial of service (system crash or memory corruption) or possibly other unspecified impact.

Vendor
Linux
Product
Linux kernel
CVSS
HIGH 7.8
CISA KEV
Not listed in stored evidence
Original CVE published
2017-02-06
Original CVE updated
2026-05-13
Advisory published
2017-02-06
Advisory updated
2026-05-13

Who should care

Linux kernel maintainers, distro security teams, and operators of embedded or IoT systems that use the ieee802154/atusb driver path, especially on 4.9.x kernels with CONFIG_VMAP_STACK enabled or backported.

Technical summary

The vulnerable code is in the atusb driver, drivers/net/ieee802154/atusb.c. Its probe path issued USB control messages with data buffers declared on the kernel stack. Before 4.9 that happened to work, because kernel stacks came from the linear mapping and could be DMA-mapped like any other kmalloc'd memory. CONFIG_VMAP_STACK, introduced in 4.9, allocates kernel stacks from vmalloc space instead. The DMA mapping helpers used by the USB core assume linearly mapped memory, so a vmalloc'd stack buffer is not DMA-able; the NVD description specifically calls out a buffer that spans more than one virtual page, where adjacent virtual pages are not guaranteed to be adjacent physical pages, so the device's writes land in memory other than the buffer. The upstream fix referenced by NVD (05a974efa4bdf6e2a150e3f27dc6fcf0a9ad5655, "ieee802154: atusb: do not use the stack for buffers to make them DMA able") moves those buffers to kmalloc'd memory. The practical result is a locally triggerable crash or kernel memory corruption with possible further, unspecified impact. The NVD CVSS vector is AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H: local access with low privileges and no user interaction, but high confidentiality, integrity and availability impact once triggered.
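The pattern behind the bug and its fix, as an added userspace model that is not code from the kernel tree or from PatchSiren. The mock control-message call refuses any buffer that did not come from the mock kmalloc, standing in for the rule that under CONFIG_VMAP_STACK a stack buffer cannot be DMA-mapped (a kernel built with CONFIG_DMA_API_DEBUG reports the real thing at runtime as "DMA-API: device driver maps memory from stack"). Every function and type name here is illustrative rather than the atusb driver's, the 8-byte "firmware build" reply is constructed, and the real driver's failure is silent corruption rather than a clean error.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_ALLOCS 16

/* Registry of buffers handed out by mock_kmalloc(), so the DMA mock can tell
 * heap memory from stack memory without any kernel facilities. (Model only:
 * in the kernel the distinction is linear-mapped vs vmalloc'd memory.) */
static struct { void *p; size_t len; } allocs[MAX_ALLOCS];
static int nallocs;

static void *mock_kmalloc(size_t len) {
    if (nallocs == MAX_ALLOCS) return NULL;
    void *p = malloc(len);
    if (p) { allocs[nallocs].p = p; allocs[nallocs].len = len; nallocs++; }
    return p;
}

static void mock_kfree(void *p) {
    for (int i = 0; i < nallocs; i++)
        if (allocs[i].p == p) { allocs[i] = allocs[--nallocs]; break; }
    free(p);
}

/* 1 if [buf, buf+len) lies inside a registered kmalloc buffer, else 0. */
static int buffer_is_dma_able(const void *buf, size_t len) {
    const char *b = buf;
    for (int i = 0; i < nallocs; i++) {
        const char *a = allocs[i].p;
        if (b >= a && b + len <= a + allocs[i].len) return 1;
    }
    return 0; /* stack, static or unknown memory: not DMA-able in this model */
}

/* Mock of usb_control_msg(): copies a constructed reply into the caller's
 * buffer, but only if the buffer is DMA-able. Returns bytes transferred or a
 * negative errno, following the kernel convention. */
static int mock_usb_control_msg(void *data, size_t size) {
    static const char fake_reply[] = "fw-0.3"; /* constructed, 7 bytes incl. NUL */
    if (!buffer_is_dma_able(data, size)) return -EINVAL;
    size_t n = sizeof fake_reply < size ? sizeof fake_reply : size;
    memcpy(data, fake_reply, n);
    return (int)n;
}

/* "Before": the transfer buffer is a local array. With CONFIG_VMAP_STACK that
 * array sits in vmalloc space, which is the pattern the fix commit removed. */
int probe_read_build_vulnerable(char *out, size_t outlen) {
    char build[64];
    int ret = mock_usb_control_msg(build, sizeof build);
    if (ret < 0) return ret;
    snprintf(out, outlen, "%.*s", ret, build);
    return 0;
}

/* "After": the buffer comes from kmalloc, is linearly mapped, and is freed on
 * every path, including the error path. */
int probe_read_build_fixed(char *out, size_t outlen) {
    char *build = mock_kmalloc(64);
    if (!build) return -ENOMEM;
    int ret = mock_usb_control_msg(build, 64);
    if (ret >= 0) snprintf(out, outlen, "%.*s", ret, build);
    mock_kfree(build);
    return ret < 0 ? ret : 0;
}

/* Small wrappers exposing the outcome of each path as a single value. */
int vulnerable_path_rejected(void) {
    char out[32] = {0};
    return probe_read_build_vulnerable(out, sizeof out) == -EINVAL;
}

int fixed_path_ok(void) {
    char out[32] = {0};
    return probe_read_build_fixed(out, sizeof out) == 0 && strcmp(out, "fw-0.3") == 0;
}

int main(void) {
    char out[32];
    int ret = probe_read_build_vulnerable(out, sizeof out);
    printf("stack buffer:   %s\n", ret < 0 ? "rejected, not DMA-able" : out);
    ret = probe_read_build_fixed(out, sizeof out);
    printf("kmalloc buffer: %s\n", ret < 0 ? "failed" : out);
    return 0;
}
```

The model is strict where the kernel is not: real hardware has no way to know the buffer it was given is vmalloc'd, so the write simply lands on the wrong physical pages. That is why the practical check is a debug kernel (CONFIG_DMA_API_DEBUG) on a test system rather than anything observable in production, and why the fix has to be structural: allocate, transfer, free, with the free on the error path as well.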

Defensive priority

High for any unpatched 4.9.x system that builds the atusb driver (CONFIG_IEEE802154_ATUSB) with CONFIG_VMAP_STACK=y. Exploitation requires local access and the vulnerable code runs during device probe, so network exposure is not the concern; the concern is that the outcome is kernel memory corruption, which makes this a privilege-boundary issue rather than an availability nuisance. Systems without the driver are not affected by this CVE, but the same stack-buffer-for-DMA pattern is worth checking in vendor or out-of-tree drivers on VMAP_STACK kernels, since VMAP_STACK turned many previously harmless instances of it into faults.

Recommended defensive actions

  • Upgrade or backport the fix that landed in the upstream Linux commit referenced by the NVD record (05a974efa4bdf6e2a150e3f27dc6fcf0a9ad5655).
  • Move systems on 4.9.x to at least Linux 4.9.6, which is the release noted in the official changelog reference.
  • Check whether CONFIG_VMAP_STACK is enabled in deployed kernels (via /proc/config.gz where available, otherwise /boot/config-$(uname -r)) and prioritize remediation on systems using that configuration.
  • Inventory hosts whose kernel config sets CONFIG_IEEE802154_ATUSB (as =y or =m), then validate that they run a fixed kernel build.
  • Apply vendor kernel advisories or distro backports where available, since many deployments rely on downstream patching rather than vanilla kernel releases.
  • Monitor for unexplained kernel crashes or memory-corruption symptoms on affected systems until patched.

Evidence notes

All substantive claims here are drawn from the supplied NVD record and the official references it lists: the kernel commit, the 4.9.6 changelog, the Openwall oss-security post, Red Hat bugzilla entry, and the SecurityFocus advisory. The CVSS vector and CWE-119 classification are taken from the NVD metadata. The vulnerability is described as affecting Linux kernel 4.9.x before 4.9.6.

Official resources

Publicly disclosed on 2017-02-06 per the supplied CVE and NVD timestamps. The NVD record was later modified on 2026-05-13, but that date is metadata update time, not the vulnerability date.