CVE-2017-12154

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f

http://www.debian.org/security/2017/dsa-3981

http://www.securityfocus.com/bid/100856

https://access.redhat.com/errata/RHSA-2018:0676

https://access.redhat.com/errata/RHSA-2018:1062

https://access.redhat.com/errata/RHSA-2019:1946

https://bugzilla.redhat.com/show_bug.cgi?id=1491224

https://github.com/torvalds/linux/commit/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f

https://usn.ubuntu.com/3698-1/

https://usn.ubuntu.com/3698-2/

https://www.spinics.net/lists/kvm/msg155414.html

Details

Source: MITRE

Published: 2017-09-26

Updated: 2019-10-03

Risk Information

CVSS v2

Base Score: 3.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Impact Score: 5.2

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 4.13.3 (inclusive)

Tenable Plugins

View all (34 total)

IDNameProductFamilySeverity
127633RHEL 7 : kernel (RHSA-2019:1946)NessusRed Hat Local Security Checks
high
127281NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0074)NessusNewStart CGSL Local Security Checks
critical
127272NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0070)NessusNewStart CGSL Local Security Checks
critical
125101EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1513)NessusHuawei Local Security Checks
critical
124821EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1498)NessusHuawei Local Security Checks
high
111887Photon OS 1.0: Binutils / C / Dnsmasq / Git / Gnutls / Krb5 / Linux / Mercurial / Mesos / Nginx PHSA-2017-0038 (deprecated)NessusPhotonOS Local Security Checks
high
110900Ubuntu 14.04 LTS : linux vulnerabilities (USN-3698-1)NessusUbuntu Local Security Checks
high
109449Scientific Linux Security Update : kernel on SL7.x x86_64 (20180410) (Meltdown)NessusScientific Linux Local Security Checks
critical
109380CentOS 7 : kernel (CESA-2018:1062)NessusCentOS Local Security Checks
critical
109158OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0035) (Dirty COW) (Meltdown) (Spectre)NessusOracleVM Local Security Checks
high
109156Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4071)NessusOracle Linux Local Security Checks
high
109113Oracle Linux 7 : kernel (ELSA-2018-1062)NessusOracle Linux Local Security Checks
critical
108997RHEL 7 : kernel (RHSA-2018:1062)NessusRed Hat Local Security Checks
critical
108984RHEL 7 : kernel-rt (RHSA-2018:0676)NessusRed Hat Local Security Checks
critical
105248OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0174) (BlueBorne) (Dirty COW) (Stack Clash)NessusOracleVM Local Security Checks
high
105247Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3659)NessusOracle Linux Local Security Checks
high
104737Ubuntu 17.10 : linux, linux-raspi2 vulnerabilities (USN-3487-1)NessusUbuntu Local Security Checks
high
104703Virtuozzo 7 : readykernel-patch (VZA-2017-086)NessusVirtuozzo Local Security Checks
high
104578EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1245)NessusHuawei Local Security Checks
high
104453OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0167)NessusOracleVM Local Security Checks
high
104374SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2920-1) (KRACK) (Stack Clash)NessusSuSE Local Security Checks
critical
104369Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3635)NessusOracle Linux Local Security Checks
high
104321Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3469-2)NessusUbuntu Local Security Checks
high
104320Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3469-1)NessusUbuntu Local Security Checks
high
104271SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2908-1) (KRACK) (Stack Clash)NessusSuSE Local Security Checks
critical
104253SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2869-1) (KRACK)NessusSuSE Local Security Checks
high
104180Amazon Linux AMI : kernel (ALAS-2017-914) (BlueBorne)NessusAmazon Linux Local Security Checks
high
104171SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2847-1) (KRACK)NessusSuSE Local Security Checks
high
104075openSUSE Security Update : the Linux Kernel (openSUSE-2017-1160)NessusSuSE Local Security Checks
high
104074openSUSE Security Update : the Linux Kernel (openSUSE-2017-1159)NessusSuSE Local Security Checks
high
103394Fedora 25 : kernel (2017-e07d7fb18e) (BlueBorne)NessusFedora Local Security Checks
high
103365Debian DSA-3981-1 : linux - security update (BlueBorne) (Stack Clash)NessusDebian Local Security Checks
high
103363Debian DLA-1099-1 : linux security update (BlueBorne) (Stack Clash)NessusDebian Local Security Checks
high
103264Fedora 26 : kernel (2017-7369ea045c) (BlueBorne)NessusFedora Local Security Checks
high