CVE-2017-12188 Information
Share on:
Feb 14, 2021
cve
Description
arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5 when nested virtualisation is used does not properly traverse guest pagetable entries to resolve a guest virtual address which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking and host OS crash) aka an \MMU potential stack buffer overrun.\
CVSS Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Reference
http://www.securityfocus.com/bid/101267 https://access.redhat.com/errata/RHSA-2018:0395 https://access.redhat.com/errata/RHSA-2018:0412 https://bugzilla.redhat.com/show_bug.cgi?id=1500380 https://patchwork.kernel.org/patch/9996579/ https://patchwork.kernel.org/patch/9996587/
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
CHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
7.8