7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
KVM is vulnerable to privilege escalation vulnerability. A local attacker on the guest system can trigger a debug exception error in syscall emulation to gain elevated privileges on the guest system via the flawed Syscall Emulation Debugging
component.
www.openwall.com/lists/oss-security/2017/06/23/5
www.securityfocus.com/bid/99263
www.securitytracker.com/id/1038782
access.redhat.com/articles/3290921
access.redhat.com/articles/3368501
access.redhat.com/errata/RHSA-2018:0395
access.redhat.com/errata/RHSA-2018:0412
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518
usn.ubuntu.com/3619-1/
usn.ubuntu.com/3619-2/
usn.ubuntu.com/3754-1/
www.debian.org/security/2017/dsa-3981
www.spinics.net/lists/kvm/msg151817.html
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P