Detections
Analytics
Ubuntu 16.04 LTS : Linux kernel (Azure) vulnerability (USN-3488-1)
high Nessus Plugin ID 104738
Language:
Synopsis
The remote Ubuntu host is missing a security update.Description
The remote Ubuntu 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-3488-1 advisory.- arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an MMU potential stack buffer overrun. (CVE-2017-12188)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected kernel package.See Also
Plugin Details
Severity: High
ID: 104738
File Name: ubuntu_USN-3488-1.nasl
Version: 3.11
Type: local
Agent: unix
Family: Ubuntu Local Security Checks
Published: 11/22/2017
Updated: 1/9/2024
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.3
CVSS v2
Risk Factor: Medium
Base Score: 6.9
Temporal Score: 5.1
Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2017-12188
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.8
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:canonical:ubuntu_linux:linux-image-4.11.0-1015-azure, cpe:/o:canonical:ubuntu_linux:16.04:-:lts
Required KB Items: Host/cpu, Host/Debian/dpkg-l, Host/Ubuntu, Host/Ubuntu/release
Exploit Ease: No known exploits are available
Patch Publication Date: 11/21/2017
Vulnerability Publication Date: 10/11/2017
Reference Information
CVE: CVE-2017-12188
USN: 3488-1