CVE-2017-17741LOW
Description
The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.
References
http://www.securityfocus.com/bid/102227
https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html
https://usn.ubuntu.com/3617-1/
https://usn.ubuntu.com/3617-2/
https://usn.ubuntu.com/3617-3/
https://usn.ubuntu.com/3619-1/
https://usn.ubuntu.com/3619-2/
https://usn.ubuntu.com/3620-1/
https://usn.ubuntu.com/3620-2/
https://usn.ubuntu.com/3632-1/
https://www.debian.org/security/2017/dsa-4073
Details
Source: MITRE
Published: 2017-12-18
Updated: 2018-04-25
Type: CWE-125
Risk Information
CVSS v2.0
Base Score: 2.1
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 3.9
Severity: LOW
CVSS v3.0
Base Score: 6.5
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Impact Score: 4
Exploitability Score: 2
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 4.14.7 (inclusive)
Configuration 2
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 149098 | EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-1808) | Nessus | Huawei Local Security Checks | high |
| 125282 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1287-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | SuSE Local Security Checks | high |
| 124953 | EulerOS Virtualization 3.0.1.0 : kvm (EulerOS-SA-2019-1450) | Nessus | Huawei Local Security Checks | medium |
| 121914 | Photon OS 2.0: Linux PHSA-2018-2.0-0015 | Nessus | PhotonOS Local Security Checks | high |
| 121803 | Photon OS 1.0: Linux PHSA-2018-1.0-0102 | Nessus | PhotonOS Local Security Checks | high |
| 111914 | Photon OS 1.0: Linux PHSA-2018-1.0-0102 (deprecated) | Nessus | PhotonOS Local Security Checks | high |
| 111285 | Photon OS 2.0 : linux (PhotonOS-PHSA-2018-2.0-0015) (deprecated) | Nessus | PhotonOS Local Security Checks | high |
| 111144 | Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4172) | Nessus | Oracle Linux Local Security Checks | high |
| 111022 | OracleVM 3.3 : Unbreakable / etc (OVMSA-2018-0237) | Nessus | OracleVM Local Security Checks | high |
| 110998 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4164) | Nessus | Oracle Linux Local Security Checks | high |
| 110660 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:1772-1) | Nessus | SuSE Local Security Checks | medium |
| 110658 | openSUSE Security Update : the Linux Kernel (openSUSE-2018-656) (Spectre) | Nessus | SuSE Local Security Checks | high |
| 110583 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4134) | Nessus | Oracle Linux Local Security Checks | medium |
| 110581 | OracleVM 3.3 : Unbreakable / etc (OVMSA-2018-0231) | Nessus | OracleVM Local Security Checks | medium |
| 109828 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4108) | Nessus | Oracle Linux Local Security Checks | high |
| 109316 | Ubuntu 16.04 LTS : Linux kernel (Azure) vulnerabilities (USN-3632-1) | Nessus | Ubuntu Local Security Checks | high |
| 109127 | Amazon Linux 2 : kernel (ALAS-2018-956) (Dirty COW) (Spectre) | Nessus | Amazon Linux Local Security Checks | medium |
| 108878 | Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3619-2) | Nessus | Ubuntu Local Security Checks | high |
| 108843 | Ubuntu 14.04 LTS : linux vulnerabilities (USN-3620-1) | Nessus | Ubuntu Local Security Checks | critical |
| 108842 | Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3619-1) | Nessus | Ubuntu Local Security Checks | high |
| 108840 | Ubuntu 17.10 : linux-raspi2 vulnerabilities (USN-3617-3) | Nessus | Ubuntu Local Security Checks | high |
| 108835 | Ubuntu 16.04 LTS : linux-hwe, linux-gcp, linux-oem vulnerabilities (USN-3617-2) | Nessus | Ubuntu Local Security Checks | high |
| 108834 | Ubuntu 17.10 : linux vulnerabilities (USN-3617-1) | Nessus | Ubuntu Local Security Checks | high |
| 108279 | SUSE SLES11 Security Update : kernel (SUSE-SU-2018:0660-1) (Spectre) | Nessus | SuSE Local Security Checks | critical |
| 107055 | SUSE SLES11 Security Update : kernel (SUSE-SU-2018:0555-1) (Meltdown) (Spectre) | Nessus | SuSE Local Security Checks | critical |
| 106967 | SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0525-1) (Spectre) | Nessus | SuSE Local Security Checks | high |
| 106933 | Amazon Linux AMI : kernel (ALAS-2018-956) (Dirty COW) (Spectre) | Nessus | Amazon Linux Local Security Checks | medium |
| 106815 | SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0437-1) (Spectre) | Nessus | SuSE Local Security Checks | high |
| 106171 | Amazon Linux AMI : kernel (ALAS-2018-944) | Nessus | Amazon Linux Local Security Checks | high |
| 105830 | Fedora 27 : kernel (2017-1ebb87e7c0) | Nessus | Fedora Local Security Checks | low |
| 105704 | Debian DSA-4082-1 : linux - security update (Meltdown) | Nessus | Debian Local Security Checks | high |
| 105622 | Debian DLA-1232-1 : linux security update (Meltdown) | Nessus | Debian Local Security Checks | high |
| 105447 | Fedora 26 : kernel (2017-7810b7c59f) | Nessus | Fedora Local Security Checks | medium |
| 105433 | Debian DSA-4073-1 : linux - security update | Nessus | Debian Local Security Checks | high |