PT-2017-12392 · Linux+4 · Linux Kernel+4

Publicado

2017-10-10

Atualizado

2024-04-02

CVE-2017-12188

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 4.13.5

Description The issue arises when nested virtualisation is used, and the Linux kernel does not properly traverse guest pagetable entries to resolve a guest virtual address. This allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service, resulting in an incorrect index during page walking and potentially crashing the host OS.

Recommendations For Linux kernel versions through 4.13.5, update to a version later than 4.13.5 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.

Correção

DoS

Stack Overflow

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-121CWE-22

Identificadores relacionados

ALT-PU-2017-2425

ALT-PU-2017-2466

ALT-PU-2017-2467

ALT-PU-2018-1991

BDU:2026-02562

CESA-2018_0395

CVE-2017-12188

MGASA-2018-0062

MGASA-2018-0063

MGASA-2018-0064

RHSA-2018:0395

RHSA-2018:0412

RHSA-2018_0395

RHSA-2018_0412

USN-3484-1

USN-3484-2

USN-3484-3

USN-3487-1

USN-3488-1

Produtos afetados

Alt Linux

Centos

Linux Kernel

Red Hat

Ubuntu

PT-2017-12392 · Linux+4 · Linux Kernel+4

CVE-2017-12188

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 59