VDB-107131 · CVE-2017-12154 · BID 100856

Linux Kernel up to 4.13.3 CR8 arch/x86/kvm/vmx.c prepare_vmcs02 access control

A vulnerability has been found in Linux Kernel up to 4.13.3 (Operating System) and classified as critical. Affected by this vulnerability is the function prepare_vmcs02 of the file arch/x86/kvm/vmx.c of the component CR8 Handler. Applying a patch is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

Field	09/26/2017 03:12 PM	11/19/2019 04:23 PM	01/14/2021 01:17 PM
date	1506384000 (09/26/2017)	1506384000 (09/26/2017)	1506384000 (09/26/2017)
location	GIT Repository	GIT Repository	GIT Repository
type	GIT Commit	GIT Commit	GIT Commit
url	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f
price_0day	$5k-$25k	$5k-$25k	$5k-$25k
name	Patch	Patch	Patch
patch_url	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f
cve	CVE-2017-12154	CVE-2017-12154	CVE-2017-12154
cve_assigned	1501545600	1501545600	1501545600
cve_nvd_published	1506384000	1506384000	1506384000
cve_nvd_summary	The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register.	The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register.	The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register.
oval_id	oval:org.cisecurity:def:3328	oval:org.cisecurity:def:3328	oval:org.cisecurity:def:3328
securityfocus	100856	100856	100856
securityfocus_title	Linux Kernel CVE-2017-12154 Denial of Service Vulnerability	Linux Kernel CVE-2017-12154 Denial of Service Vulnerability	Linux Kernel CVE-2017-12154 Denial of Service Vulnerability
nessus_id	103363	103363	103363
nessus_name	Debian DLA-1099-1 : linux security update (BlueBorne) (Stack Clash)	Debian DLA-1099-1 : linux security update (BlueBorne) (Stack Clash)	Debian DLA-1099-1 : linux security update (BlueBorne) (Stack Clash)
nessus_filename	debian_DLA-1099.nasl	debian_DLA-1099.nasl	debian_DLA-1099.nasl
nessus_risk	High	High	High
nessus_family	Debian Local Security Checks	Debian Local Security Checks	Debian Local Security Checks
nessus_type	local	local	local
nessus_date	1505952000 (09/21/2017)	1505952000 (09/21/2017)	1505952000 (09/21/2017)
openvas_id	53754	53754	53754
openvas_filename	deb_3981.nasl	deb_3981.nasl	deb_3981.nasl
openvas_title	Debian Security Advisory DSA 3981-1 (linux - security update)	Debian Security Advisory DSA 3981-1 (linux - security update)	Debian Security Advisory DSA 3981-1 (linux - security update)
openvas_family	Debian Local Security Checks	Debian Local Security Checks	Debian Local Security Checks
qualys_id	351447	351447	351447
qualys_title	Amazon Linux Security Advisory for kernel: ALAC2012-2018-013	Amazon Linux Security Advisory for kernel: ALAC2012-2018-013	Amazon Linux Security Advisory for kernel: ALAC2012-2018-013
seealso	102802 103034 104449 104864 105193 105278 105605 105607 105731 106083 106127 106121 106273 106733 106736 106930 107472 109137 109138 111673	102802 103034 104449 104864 105193 105278 105605 105607 105731 106083 106127 106121 106273 106733 106736 106930 107472 109137 109138 111673	102802 103034 104449 104864 105193 105278 105605 105607 105731 106083 106127 106121 106273 106733 106736 106930 107472 109137 109138 111673
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_rc	C	C	C
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
0day_days	5	5	5
cvss3_nvd_basescore	7.1	7.1	7.1
type	Operating System	Operating System	Operating System
vendor	Linux	Linux	Linux
name	Kernel	Kernel	Kernel
version	<=4.13.3	<=4.13.3	<=4.13.3
component	CR8 Handler	CR8 Handler	CR8 Handler
file	arch/x86/kvm/vmx.c	arch/x86/kvm/vmx.c	arch/x86/kvm/vmx.c
function	prepare_vmcs02	prepare_vmcs02	prepare_vmcs02
cwe	284 (privilege escalation)	284 (privilege escalation)	284 (privilege escalation)
risk	2	2	2
cvss2_vuldb_basescore	4.6	4.6	4.6
cvss2_vuldb_tempscore	4.0	4.0	4.0
cvss2_vuldb_av	L	L	L
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_nvd_av	L	L	L
cvss2_nvd_ac	L	L	L
cvss2_nvd_au	N	N	N
cvss2_nvd_ci	P	P	P
cvss2_nvd_ii	P	P	P
cvss2_nvd_ai	N	N	N
cvss3_meta_basescore	6.2	6.2	6.2
cvss3_meta_tempscore	5.9	5.9	5.9
cvss3_vuldb_basescore	5.3	5.3	5.3
cvss3_vuldb_tempscore	5.1	5.1	5.1
cvss3_vuldb_av	L	L	L
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_nvd_av	L	L	L
cvss3_nvd_ac	L	L	L
cvss3_nvd_pr	L	L	L
cvss3_nvd_ui	N	N	N
cvss3_nvd_s	U	U	U
cvss3_nvd_c	H	H	H
cvss3_nvd_i	H	H	H
cvss3_nvd_a	N	N	N
person_nickname		Matt	Matt
company_name		Google	Google
confirm_url		http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f
date		1505865600 (09/20/2017)	1505865600 (09/20/2017)
securityfocus_date		1505174400 (09/12/2017)	1505174400 (09/12/2017)
securityfocus_class		Failure to Handle Exceptional Conditions	Failure to Handle Exceptional Conditions
discoverydate		1505433600	1505433600
person_name			Jim Mattson
cvss2_nvd_basescore			3.6

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!