CVE-2017-17741

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.

References

http://www.securityfocus.com/bid/102227

https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html

https://usn.ubuntu.com/3617-1/

https://usn.ubuntu.com/3617-2/

https://usn.ubuntu.com/3617-3/

https://usn.ubuntu.com/3619-1/

https://usn.ubuntu.com/3619-2/

https://usn.ubuntu.com/3620-1/

https://usn.ubuntu.com/3620-2/

https://usn.ubuntu.com/3632-1/

https://www.debian.org/security/2017/dsa-4073

https://www.debian.org/security/2018/dsa-4082

https://www.spinics.net/lists/kvm/msg160796.html

Details

Source: MITRE

Published: 2017-12-18

Updated: 2018-04-25

Type: CWE-125

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Impact Score: 4

Exploitability Score: 2

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 4.14.7 (inclusive)

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Tenable Plugins

View all (35 total)

IDNameProductFamilySeverity
153271EulerOS 2.0 SP2 : kernel (EulerOS-SA-2021-2392)NessusHuawei Local Security Checks
high
149098EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-1808)NessusHuawei Local Security Checks
high
125282SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1287-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)NessusSuSE Local Security Checks
high
124953EulerOS Virtualization 3.0.1.0 : kvm (EulerOS-SA-2019-1450)NessusHuawei Local Security Checks
high
121914Photon OS 2.0: Linux PHSA-2018-2.0-0015NessusPhotonOS Local Security Checks
high
121803Photon OS 1.0: Linux PHSA-2018-1.0-0102NessusPhotonOS Local Security Checks
high
111914Photon OS 1.0: Linux PHSA-2018-1.0-0102 (deprecated)NessusPhotonOS Local Security Checks
high
111285Photon OS 2.0 : linux (PhotonOS-PHSA-2018-2.0-0015) (deprecated)NessusPhotonOS Local Security Checks
high
111144Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4172)NessusOracle Linux Local Security Checks
high
111022OracleVM 3.3 : Unbreakable / etc (OVMSA-2018-0237)NessusOracleVM Local Security Checks
high
110998Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4164)NessusOracle Linux Local Security Checks
high
110660SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:1772-1)NessusSuSE Local Security Checks
high
110658openSUSE Security Update : the Linux Kernel (openSUSE-2018-656) (Spectre)NessusSuSE Local Security Checks
high
110583Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4134)NessusOracle Linux Local Security Checks
high
110581OracleVM 3.3 : Unbreakable / etc (OVMSA-2018-0231)NessusOracleVM Local Security Checks
high
109828Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4108)NessusOracle Linux Local Security Checks
high
109316Ubuntu 16.04 LTS : Linux kernel (Azure) vulnerabilities (USN-3632-1)NessusUbuntu Local Security Checks
high
109127Amazon Linux 2 : kernel (ALAS-2018-956) (Dirty COW) (Spectre)NessusAmazon Linux Local Security Checks
high
108878Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3619-2)NessusUbuntu Local Security Checks
high
108843Ubuntu 14.04 LTS : linux vulnerabilities (USN-3620-1)NessusUbuntu Local Security Checks
critical
108842Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3619-1)NessusUbuntu Local Security Checks
high
108840Ubuntu 17.10 : linux-raspi2 vulnerabilities (USN-3617-3)NessusUbuntu Local Security Checks
high
108835Ubuntu 16.04 LTS : linux-hwe, linux-gcp, linux-oem vulnerabilities (USN-3617-2)NessusUbuntu Local Security Checks
high
108834Ubuntu 17.10 : linux vulnerabilities (USN-3617-1)NessusUbuntu Local Security Checks
high
108279SUSE SLES11 Security Update : kernel (SUSE-SU-2018:0660-1) (Spectre)NessusSuSE Local Security Checks
critical
107055SUSE SLES11 Security Update : kernel (SUSE-SU-2018:0555-1) (Meltdown) (Spectre)NessusSuSE Local Security Checks
critical
106967SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0525-1) (Spectre)NessusSuSE Local Security Checks
high
106933Amazon Linux AMI : kernel (ALAS-2018-956) (Dirty COW) (Spectre)NessusAmazon Linux Local Security Checks
high
106815SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0437-1) (Spectre)NessusSuSE Local Security Checks
high
106171Amazon Linux AMI : kernel (ALAS-2018-944)NessusAmazon Linux Local Security Checks
high
105830Fedora 27 : kernel (2017-1ebb87e7c0)NessusFedora Local Security Checks
medium
105704Debian DSA-4082-1 : linux - security update (Meltdown)NessusDebian Local Security Checks
high
105622Debian DLA-1232-1 : linux security update (Meltdown)NessusDebian Local Security Checks
high
105447Fedora 26 : kernel (2017-7810b7c59f)NessusFedora Local Security Checks
high
105433Debian DSA-4073-1 : linux - security updateNessusDebian Local Security Checks
high