CVE-2017-17741 : The KVM implementation in the Linux kernel through 4.14.7 allows attackers to ob

The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.

Published 2017-12-18 08:29:00

Updated 2018-04-25 01:29:03

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2017-17741

Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions up to, including, (<=) 4.14.7
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2017-17741

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 8 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-17741

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
6.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N	2.0	4.0	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Changed Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2017-17741

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-17741

http://www.securityfocus.com/bid/102227

Linux Kernel CVE-2017-17741 Denial of Service Vulnerability
https://www.debian.org/security/2018/dsa-4082

Debian -- Security Information -- DSA-4082-1 linux

CVEs referencing this url
https://usn.ubuntu.com/3617-2/

USN-3617-2: Linux (HWE) vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html

[SECURITY] [DLA 1232-1] linux security update

CVEs referencing this url
https://usn.ubuntu.com/3632-1/

USN-3632-1: Linux kernel (Azure) vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://usn.ubuntu.com/3617-1/

USN-3617-1: Linux kernel vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://www.spinics.net/lists/kvm/msg160796.html

[PATCH v4] KVM: Fix stack-out-of-bounds read in write_mmio — Linux KVM
Issue Tracking;Patch;Third Party Advisory
https://usn.ubuntu.com/3620-2/

USN-3620-2: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://usn.ubuntu.com/3620-1/

USN-3620-1: Linux kernel vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://usn.ubuntu.com/3619-1/

USN-3619-1: Linux kernel vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://usn.ubuntu.com/3619-2/

USN-3619-2: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://usn.ubuntu.com/3617-3/

USN-3617-3: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://www.debian.org/security/2017/dsa-4073

Debian -- Security Information -- DSA-4073-1 linux
Issue Tracking;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2017-17741

Products affected by CVE-2017-17741

Exploit prediction scoring system (EPSS) score for CVE-2017-17741

CVSS scores for CVE-2017-17741

CWE ids for CVE-2017-17741

References for CVE-2017-17741