Linux Kernel up to 4.13.3 CR8 arch/x86/kvm/vmx.c prepare_vmcs02 access control

A vulnerability has been found in Linux Kernel up to 4.13.3 (Operating System) and classified as critical. Affected by this vulnerability is the function prepare_vmcs02 of the file arch/x86/kvm/vmx.c of the component CR8 Handler. Applying a patch eliminates this problem. The bugfix is available for download at git.kernel.org. A possible mitigation was published before, and not just after, the disclosure of the vulnerability.

| Field | 09/26/2017 03:12 PM | 11/19/2019 04:23 PM | 01/14/2021 01:17 PM |
|---|---|---|---|
| date | 1506384000 (09/26/2017) | 1506384000 (09/26/2017) | 1506384000 (09/26/2017) |
| location | GIT Repository | GIT Repository | GIT Repository |
| type | GIT Commit | GIT Commit | GIT Commit |
| url | http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f | http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f | http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f |
| price_0day | $5k-$25k | $5k-$25k | $5k-$25k |
| name | Patch | Patch | Patch |
| patch_url | http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f | http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f | http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f |
| cve | CVE-2017-12154 | CVE-2017-12154 | CVE-2017-12154 |
| cve_assigned | 1501545600 | 1501545600 | 1501545600 |
| cve_nvd_published | 1506384000 | 1506384000 | 1506384000 |
| cve_nvd_summary | The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register. | The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register. | The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register. |
| oval_id | oval:org.cisecurity:def:3328 | oval:org.cisecurity:def:3328 | oval:org.cisecurity:def:3328 |
| securityfocus | 100856 | 100856 | 100856 |
| securityfocus_title | Linux Kernel CVE-2017-12154 Denial of Service Vulnerability | Linux Kernel CVE-2017-12154 Denial of Service Vulnerability | Linux Kernel CVE-2017-12154 Denial of Service Vulnerability |
| nessus_id | 103363 | 103363 | 103363 |
| nessus_name | Debian DLA-1099-1 : linux security update (BlueBorne) (Stack Clash) | Debian DLA-1099-1 : linux security update (BlueBorne) (Stack Clash) | Debian DLA-1099-1 : linux security update (BlueBorne) (Stack Clash) |
| nessus_filename | debian_DLA-1099.nasl | debian_DLA-1099.nasl | debian_DLA-1099.nasl |
| nessus_risk | High | High | High |
| nessus_family | Debian Local Security Checks | Debian Local Security Checks | Debian Local Security Checks |
| nessus_type | local | local | local |
| nessus_date | 1505952000 (09/21/2017) | 1505952000 (09/21/2017) | 1505952000 (09/21/2017) |
| openvas_id | 53754 | 53754 | 53754 |
| openvas_filename | deb_3981.nasl | deb_3981.nasl | deb_3981.nasl |
| openvas_title | Debian Security Advisory DSA 3981-1 (linux - security update) | Debian Security Advisory DSA 3981-1 (linux - security update) | Debian Security Advisory DSA 3981-1 (linux - security update) |
| openvas_family | Debian Local Security Checks | Debian Local Security Checks | Debian Local Security Checks |
| qualys_id | 351447 | 351447 | 351447 |
| qualys_title | Amazon Linux Security Advisory for kernel: ALAC2012-2018-013 | Amazon Linux Security Advisory for kernel: ALAC2012-2018-013 | Amazon Linux Security Advisory for kernel: ALAC2012-2018-013 |
| seealso | 102802 103034 104449 104864 105193 105278 105605 105607 105731 106083 106127 106121 106273 106733 106736 106930 107472 109137 109138 111673 | 102802 103034 104449 104864 105193 105278 105605 105607 105731 106083 106127 106121 106273 106733 106736 106930 107472 109137 109138 111673 | 102802 103034 104449 104864 105193 105278 105605 105607 105731 106083 106127 106121 106273 106733 106736 106930 107472 109137 109138 111673 |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | C | C | C |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| 0day_days | 5 | 5 | 5 |
| cvss3_nvd_basescore | 7.1 | 7.1 | 7.1 |
| type | Operating System | Operating System | Operating System |
| vendor | Linux | Linux | Linux |
| name | Kernel | Kernel | Kernel |
| version | <=4.13.3 | <=4.13.3 | <=4.13.3 |
| component | CR8 Handler | CR8 Handler | CR8 Handler |
| file | arch/x86/kvm/vmx.c | arch/x86/kvm/vmx.c | arch/x86/kvm/vmx.c |
| function | prepare_vmcs02 | prepare_vmcs02 | prepare_vmcs02 |
| cwe | 284 (privilege escalation) | 284 (privilege escalation) | 284 (privilege escalation) |
| risk | 2 | 2 | 2 |
| cvss2_vuldb_basescore | 4.6 | 4.6 | 4.6 |
| cvss2_vuldb_tempscore | 4.0 | 4.0 | 4.0 |
| cvss2_vuldb_av | L | L | L |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss2_nvd_av | L | L | L |
| cvss2_nvd_ac | L | L | L |
| cvss2_nvd_au | N | N | N |
| cvss2_nvd_ci | P | P | P |
| cvss2_nvd_ii | P | P | P |
| cvss2_nvd_ai | N | N | N |
| cvss3_meta_basescore | 6.2 | 6.2 | 6.2 |
| cvss3_meta_tempscore | 5.9 | 5.9 | 5.9 |
| cvss3_vuldb_basescore | 5.3 | 5.3 | 5.3 |
| cvss3_vuldb_tempscore | 5.1 | 5.1 | 5.1 |
| cvss3_vuldb_av | L | L | L |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | L | L | L |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| cvss3_nvd_av | L | L | L |
| cvss3_nvd_ac | L | L | L |
| cvss3_nvd_pr | L | L | L |
| cvss3_nvd_ui | N | N | N |
| cvss3_nvd_s | U | U | U |
| cvss3_nvd_c | H | H | H |
| cvss3_nvd_i | H | H | H |
| cvss3_nvd_a | N | N | N |
| person_nickname | | Matt | Matt |
| company_name | | Google | Google |
| confirm_url | | http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f | http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f |
| date | | 1505865600 (09/20/2017) | 1505865600 (09/20/2017) |
| securityfocus_date | | 1505174400 (09/12/2017) | 1505174400 (09/12/2017) |
| securityfocus_class | | Failure to Handle Exceptional Conditions | Failure to Handle Exceptional Conditions |
| discoverydate | | 1505433600 | 1505433600 |
| person_name | | | Jim Mattson |
| cvss2_nvd_basescore | | | 3.6 |