Vulnerability Details: CVE-2017-12154
The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register.
Exploit prediction scoring system (EPSS) score for CVE-2017-12154
Probability of exploitation activity in the next 30 days: 0.06%
Percentile (the proportion of vulnerabilities that are scored at or below this one): ~23%
CVSS scores for CVE-2017-12154
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
3.6 | LOW | AV:L/AC:L/Au:N/C:P/I:P/A:N | 3.9 | 4.9 | NIST |
7.1 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 1.8 | 5.2 | NIST |
References for CVE-2017-12154
- http://www.debian.org/security/2017/dsa-3981
  Debian -- Security Information -- DSA-3981-1 linux
- https://github.com/torvalds/linux/commit/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f
  kvm: nVMX: Don't allow L2 to access the hardware CR8 · torvalds/linux@51aa68e · GitHub (Issue Tracking; Patch; Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1491224
  1491224 – (CVE-2017-12154) CVE-2017-12154 Kernel: kvm: nVMX: L2 guest could access hardware(L0) CR8 register (Issue Tracking; Patch; Third Party Advisory)
- https://usn.ubuntu.com/3698-2/
  USN-3698-2: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu security notices
- https://www.spinics.net/lists/kvm/msg155414.html
  [PATCH] kvm: nVMX: Don't allow L2 to access the hardware CR8 — Linux KVM (Mailing List; Patch; Third Party Advisory)
- https://usn.ubuntu.com/3698-1/
  USN-3698-1: Linux kernel vulnerabilities | Ubuntu security notices
- https://access.redhat.com/errata/RHSA-2019:1946
  RHSA-2019:1946 - Security Advisory - Red Hat Customer Portal
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f
  kernel/git/torvalds/linux.git - Linux kernel source tree (Issue Tracking; Patch; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:0676
  RHSA-2018:0676 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2018:1062
  RHSA-2018:1062 - Security Advisory - Red Hat Customer Portal
- http://www.securityfocus.com/bid/100856
  Linux Kernel CVE-2017-12154 Denial of Service Vulnerability (Third Party Advisory; VDB Entry)
Products affected by CVE-2017-12154
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*