Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv3

CVE-2017-17741

Published: 18/12/2017 Updated: 25/04/2018
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.5 | Impact Score: 4 | Exploitability Score: 2
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Linux Kernel

Vulnerability Summary

The KVM implementation in the Linux kernel up to and including 4.14.7 allows malicious users to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

debian debian linux 9.0

Vendor Advisories

Debian Security Advisories: DSA-4073-1 linux -- security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2017-8824 Mohamed Ghannam discovered that the DCCP implementation did not correctly manage resources when a socket is disconnected and reconnected, potentially leading to a use-after-free ...
Ubuntu Security Notice: linux-hwe, linux-gcp, linux-oem vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux-azure vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux-raspi2 vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux-lts-xenial, linux-aws vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux-lts-trusty vulnerabilities
Several security issues were fixed in the Linux kernel ...
Red Hat: CVE-2017-17741
Linux kernel compiled with the KVM virtualization (CONFIG_KVM) support is vulnerable to an out-of-bounds read access issue It could occur when emulating vmcall instructions invoked by a guest A guest user/process could use this flaw to disclose kernel memory bytes ...
Amazon Linux 2: ALAS2-2018-956
Stack-based out-of-bounds read via vmcall instructionLinux kernel compiled with the KVM virtualization (CONFIG_KVM) support is vulnerable to an out-of-bounds read access issue It could occur when emulating vmcall instructions invoked by a guest A guest user/process could use this flaw to disclose kernel memory bytes(CVE-2017-17741) drivers/block ...
Amazon Linux AMI: ALAS-2018-944
Race condition in raw_sendmsg function allows denial-of-service or kernel addresses leakA flaw was found in the Linux kernel's implementation of raw_sendmsg allowing a local attacker to panic the kernel or possibly leak kernel addresses A local attacker, with the privilege of creating raw sockets, can abuse a possible race condition when setting t ...
Amazon Linux AMI: ALAS-2018-956
Kernel address information leak in drivers/acpi/sbshcc:acpi_smbus_hc_add() function potentially allowing KASLR bypassThe acpi_smbus_hc_add function in drivers/acpi/sbshcc in the Linux kernel, through 41415, allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call(CVE-2018-5750) Improper sortin ...
Arch Linux Issues:
The KVM implementation in the Linux kernel through 4147 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86c and include/trace/events/kvmh ...

References

CWE-125https://www.spinics.net/lists/kvm/msg160796.htmlhttps://www.debian.org/security/2017/dsa-4073https://www.debian.org/security/2018/dsa-4082https://lists.debian.org/debian-lts-announce/2018/01/msg00004.htmlhttp://www.securityfocus.com/bid/102227https://usn.ubuntu.com/3617-2/https://usn.ubuntu.com/3617-1/https://usn.ubuntu.com/3620-2/https://usn.ubuntu.com/3620-1/https://usn.ubuntu.com/3619-1/https://usn.ubuntu.com/3617-3/https://usn.ubuntu.com/3619-2/https://usn.ubuntu.com/3632-1/https://nvd.nist.govhttps://www.debian.org/security/./dsa-4073https://usn.ubuntu.com/3617-2/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook