PT-2017-12392 · Linux+4 · Linux Kernel+4

Published

2017-10-10

Updated

2024-04-02

CVE-2017-12188

CVSS v3.1

7.8

High

Vector

AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 4.13.5

Description The issue arises when nested virtualisation is used, and the Linux kernel does not properly traverse guest pagetable entries to resolve a guest virtual address. This allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service, resulting in an incorrect index during page walking and potentially crashing the host OS.

Recommendations For Linux kernel versions through 4.13.5, update to a version later than 4.13.5 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.

Fix

DoS

Stack Overflow

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-22

Related Identifiers

ALT-PU-2017-2425

ALT-PU-2017-2466

ALT-PU-2017-2467

ALT-PU-2018-1991

BDU:2026-02562

CESA-2018_0395

CVE-2017-12188

MGASA-2018-0062

MGASA-2018-0063

MGASA-2018-0064

RHSA-2018:0395

RHSA-2018:0412

RHSA-2018_0395

RHSA-2018_0412

USN-3484-1

USN-3484-2

USN-3484-3

USN-3487-1

USN-3488-1

Affected Products

Alt Linux

Centos

Linux Kernel

Red Hat

Ubuntu

PT-2017-12392 · Linux+4 · Linux Kernel+4

CVE-2017-12188

Weakness Enumeration

Related Identifiers

Affected Products

References · 59