CVE-2017-12154
Kernel: kvm: nVMX: L2 guest could access hardware(L0) CR8 register
Public Exploits: 0
Exploited in Wild: -
Descriptions
The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register.
A Linux kernel built with KVM virtualization support (CONFIG_KVM) and with the nested virtualization (nVMX) feature enabled (nested=1) is vulnerable to a crash due to disabled external interrupts, because an L2 guest could access (read/write) the hardware CR8 register of the host (L0). In a nested virtualization setup, an L2 guest user could use this flaw to potentially crash the host (L0), resulting in DoS.
Timeline
- 2017-08-01 CVE Reserved
- 2017-09-26 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
CWE
- CWE-284: Improper Access Control
References (12)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/100856 | Third Party Advisory | |
URL | Date | SRC |
---|---|---|
http://www.debian.org/security/2017/dsa-3981 | 2023-02-12 | |
https://access.redhat.com/errata/RHSA-2018:0676 | 2023-02-12 | |
https://access.redhat.com/errata/RHSA-2018:1062 | 2023-02-12 | |
https://access.redhat.com/errata/RHSA-2019:1946 | 2023-02-12 | |
https://usn.ubuntu.com/3698-1 | 2023-02-12 | |
https://usn.ubuntu.com/3698-2 | 2023-02-12 | |
https://access.redhat.com/security/cve/CVE-2017-12154 | 2019-07-30 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | <= 4.13.3 | - | Affected |