CVE-2017-7518

MEDIUM

Description

A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this.

References

http://www.openwall.com/lists/oss-security/2017/06/23/5

http://www.securityfocus.com/bid/99263

http://www.securitytracker.com/id/1038782

https://access.redhat.com/articles/3290921

https://access.redhat.com/errata/RHSA-2018:0395

https://access.redhat.com/errata/RHSA-2018:0412

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518

https://usn.ubuntu.com/3619-1/

https://usn.ubuntu.com/3619-2/

https://usn.ubuntu.com/3754-1/

https://www.debian.org/security/2017/dsa-3981

https://www.spinics.net/lists/kvm/msg151817.html

Details

Source: MITRE

Published: 2018-07-30

Updated: 2019-10-09

Type: CWE-755

Risk Information

CVSS v2.0

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Tenable Plugins

View all (23 total)

ID	Name	Product	Family	Severity
130736	EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2274)	Nessus	Huawei Local Security Checks	critical
127165	NewStart CGSL MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0014)	Nessus	NewStart CGSL Local Security Checks	high
124953	EulerOS Virtualization 3.0.1.0 : kvm (EulerOS-SA-2019-1450)	Nessus	Huawei Local Security Checks	medium
124834	EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1512)	Nessus	Huawei Local Security Checks	high
121997	Photon OS 2.0: Linux PHSA-2018-2.0-0101	Nessus	PhotonOS Local Security Checks	high
119423	Photon OS 2.0: Linux PHSA-2018-2.0-0101 (deprecated)	Nessus	PhotonOS Local Security Checks	high
112113	Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3754-1)	Nessus	Ubuntu Local Security Checks	high
109158	OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0035) (Dirty COW) (Meltdown) (Spectre)	Nessus	OracleVM Local Security Checks	high
109156	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4071) (Dirty COW) (Meltdown) (Spectre)	Nessus	Oracle Linux Local Security Checks	high
109114	OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0033)	Nessus	OracleVM Local Security Checks	high
109008	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4062)	Nessus	Oracle Linux Local Security Checks	high
108878	Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3619-2)	Nessus	Ubuntu Local Security Checks	high
108842	Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3619-1)	Nessus	Ubuntu Local Security Checks	high
107271	CentOS 7 : kernel (CESA-2018:0395)	Nessus	CentOS Local Security Checks	medium
107210	Scientific Linux Security Update : kernel on SL7.x x86_64 (20180306)	Nessus	Scientific Linux Local Security Checks	medium
107203	Oracle Linux 7 : kernel (ELSA-2018-0395)	Nessus	Oracle Linux Local Security Checks	medium
107189	RHEL 7 : kernel-rt (RHSA-2018:0412)	Nessus	Red Hat Local Security Checks	medium
107186	RHEL 7 : kernel (RHSA-2018:0395)	Nessus	Red Hat Local Security Checks	medium
104374	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2920-1) (KRACK) (Stack Clash)	Nessus	SuSE Local Security Checks	critical
104271	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2908-1) (KRACK) (Stack Clash)	Nessus	SuSE Local Security Checks	critical
104253	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2869-1) (KRACK)	Nessus	SuSE Local Security Checks	high
103365	Debian DSA-3981-1 : linux - security update (BlueBorne) (Stack Clash)	Nessus	Debian Local Security Checks	high
101348	openSUSE Security Update : the Linux Kernel (openSUSE-2017-798) (Stack Clash)	Nessus	SuSE Local Security Checks	high