CVE-2017-12154 : The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load

The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register.

Published 2017-09-26 05:29:00

Updated 2023-02-12 23:27:27

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2017-12154

Probability of exploitation activity in the next 30 days: 0.06%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 23 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2017-12154

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.6	LOW	AV:L/AC:L/Au:N/C:P/I:P/A:N	3.9	4.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None
7.1	HIGH	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N	1.8	5.2	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: None

References for CVE-2017-12154

http://www.debian.org/security/2017/dsa-3981

Debian -- Security Information -- DSA-3981-1 linux

CVEs referencing this url
https://github.com/torvalds/linux/commit/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f

kvm: nVMX: Don't allow L2 to access the hardware CR8 · torvalds/linux@51aa68e · GitHub
Issue Tracking;Patch;Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1491224

1491224 – (CVE-2017-12154) CVE-2017-12154 Kernel: kvm: nVMX: L2 guest could access hardware(L0) CR8 register
Issue Tracking;Patch;Third Party Advisory
https://usn.ubuntu.com/3698-2/

USN-3698-2: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://www.spinics.net/lists/kvm/msg155414.html

[PATCH] kvm: nVMX: Don't allow L2 to access the hardware CR8 — Linux KVM
Mailing List;Patch;Third Party Advisory
https://usn.ubuntu.com/3698-1/

USN-3698-1: Linux kernel vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:1946

RHSA-2019:1946 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f

kernel/git/torvalds/linux.git - Linux kernel source tree
Issue Tracking;Patch;Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0676

RHSA-2018:0676 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2018:1062

RHSA-2018:1062 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://www.securityfocus.com/bid/100856

Linux Kernel CVE-2017-12154 Denial of Service Vulnerability
Third Party Advisory;VDB Entry

Products affected by CVE-2017-12154

Linux » Linux Kernel
Versions up to, including, (<=) 4.13.3
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2017-12154

Exploit prediction scoring system (EPSS) score for CVE-2017-12154

CVSS scores for CVE-2017-12154

References for CVE-2017-12154

Products affected by CVE-2017-12154