CVE-2017-2583
Kernel: Kvm: vmx/svm potential privilege escalation inside guest
Public Exploits: 0
Exploited in Wild: -
Descriptions
The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application.
The Linux kernel built with Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector (SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resulting in DoS, or potentially escalate their privileges inside the guest.
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult.
Timeline
- 2016-12-01 CVE Reserved
- 2017-02-06 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-250: Execution with Unnecessary Privileges
References (11)
URL | Tag | Source |
---|---|---|
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=33ab91103b3415e12457e3104f0e4517ce12d0f3 | Issue Tracking | |
http://www.openwall.com/lists/oss-security/2017/01/19/2 | Mailing List | |
http://www.securityfocus.com/bid/95673 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1414735 | 2017-06-28 | |
https://github.com/torvalds/linux/commit/33ab91103b3415e12457e3104f0e4517ce12d0f3 | 2023-02-12 | |
http://www.debian.org/security/2017/dsa-3791 | 2023-02-12 | |
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5 | 2023-02-12 | |
https://access.redhat.com/errata/RHSA-2017:1615 | 2023-02-12 | |
https://access.redhat.com/errata/RHSA-2017:1616 | 2023-02-12 | |
https://usn.ubuntu.com/3754-1 | 2023-02-12 | |
https://access.redhat.com/security/cve/CVE-2017-2583 | 2017-06-28 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | <= 4.9.4 | - | Affected |