Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2017-12188

Published: 11/10/2017 Updated: 02/04/2024
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 7.8 | Impact Score: 6 | Exploitability Score: 1.1
VMScore: 614
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Linux

Vulnerability Summary

arch/x86/kvm/mmu.c in the Linux kernel up to and including 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an "MMU potential stack buffer overrun."

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

Vendor Advisories

Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
Red Hat: Important: kernel-rt security and bug fix update
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...
Ubuntu Security Notice: linux, linux-raspi2 vulnerability
The system could be made to crash or run programs as an administrator ...
Ubuntu Security Notice: linux-azure vulnerability
The system could be made to crash or run programs as an administrator ...
Ubuntu Security Notice: linux-gcp vulnerability
The system could be made to crash or run programs as an administrator ...
Ubuntu Security Notice: linux-hwe vulnerability
The system could be made to crash or run programs as an administrator ...
Ubuntu Security Notice: linux, linux-raspi2 vulnerabilities
Several security issues were fixed in the Linux kernel ...
Red Hat: CVE-2017-12188
The Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization(nVMX) feature enabled (nested=1), was vulnerable to a stack buffer overflow issue The vulnerability could occur while traversing guest page table entries to resolve guest virtual address(gva) An L1 guest could use this flaw to crash the host kernel r ...

References

CWE-121https://patchwork.kernel.org/patch/9996587/https://patchwork.kernel.org/patch/9996579/https://bugzilla.redhat.com/show_bug.cgi?id=1500380http://www.securityfocus.com/bid/101267https://access.redhat.com/errata/RHSA-2018:0412https://access.redhat.com/errata/RHSA-2018:0395https://access.redhat.com/errata/RHSA-2018:0395https://nvd.nist.govhttps://usn.ubuntu.com/3484-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693CVE-2024-30851CVE-2024-34460CVE-2024-2887localCVE-2024-27956remote code executionCVE-2024-34475privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook