Lucene search

RedhatCVE-2017-12154

HistorySep 26, 2017 - 5:29 a.m.

CVE-2017-12154

2017-09-2605:29:00

redhat

web.nvd.nist.gov

150

cve-2017-12154

linux kernel

kvm

security vulnerability

hardware access

nvd

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

25.3%

JSON

The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the “CR8-load exiting” and “CR8-store exiting” L0 vmcs02 controls exist in cases where L1 omits the “use TPR shadow” vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register.

Affected configurations

Nvd

Vulners

Node

linuxlinux_kernelRange≤4.13.3

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

CNA Affected

[
  {
    "product": "Linux kernel through 4.13.3",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Linux kernel through 4.13.3"
      }
    ]
  }
]