Back to search
CVE-2017-12188
Published: Oct 11, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an "MMU potential stack buffer overrun."
| Vendor | Product | Versions |
|---|---|---|
n/a | Linux kernel | affected Linux kernel |
Weaknesses (CWE)
References
RHSA-2018:0412
vendor-advisory
x_refsource_REDHAT
RHSA-2018:0395
vendor-advisory
x_refsource_REDHAT
https://patchwork.kernel.org/patch/9996587/
x_refsource_CONFIRM
https://patchwork.kernel.org/patch/9996579/
x_refsource_CONFIRM
101267
vdb-entry
x_refsource_BID
https://bugzilla.redhat.com/show_bug.cgi?id=1500380
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now