PT-2017-10943 · Linux+5 · Linux Kernel+5

Jan H. Schönherr · Published 2017-09-20 · Updated 2019-10-03 · CVE-2017-1000252

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.13.3

Description: The issue allows guest OS users to cause a denial of service. An out-of-bounds guest irq value in the KVM subsystem leads to an assertion failure and can potentially cause the hypervisor to hang or crash. The affected code is in the files arch/x86/kvm/vmx.c and virt/kvm/eventfd.c.

Recommendations: For Linux kernel versions prior to 4.13.3, update to version 4.13.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the KVM subsystem to minimize the risk of exploitation.

Fix

DoS

Assertion Failure

RCE

Weakness Enumeration

Related identifiers

ALT-PU-2017-2337
ALT-PU-2017-2375
ALT-PU-2017-2378
ALT-PU-2017-2379
ALT-PU-2018-1991
CESA-2018_1062
CVE-2017-1000252
DSA-3981-1
MGASA-2017-0381
MGASA-2017-0383
MGASA-2017-0384
MGASA-2017-0386
MGASA-2017-0387
MGASA-2017-0388
OPENSUSE-SU-2017_2739-1
OPENSUSE-SU-2017_2741-1
RHSA-2018:0676
RHSA-2018:1062
RHSA-2018:1130
RHSA-2018_0676
RHSA-2018_1062
SUSE-SU-2017:2847-1
SUSE-SU-2017:2869-1
SUSE-SU-2017:2956-1
SUSE-SU-2017_2847-1
SUSE-SU-2017_2869-1
USN-3468-1
USN-3468-2
USN-3468-3

Affected products

ALT Linux
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu