exploit the possibilities
Showing 1 - 7 of 7 RSS Feed

CVE-2017-12188

Status Candidate

Overview

arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an "MMU potential stack buffer overrun."

Related Files

Red Hat Security Advisory 2018-0412-01
Posted Mar 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0412-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: Kernel: KVM: MMU potential stack buffer overrun during page walks Kernel: KVM: debug exception via syscall emulation.

tags | advisory, overflow, kernel
systems | linux, redhat
advisories | CVE-2017-12188, CVE-2017-7518
MD5 | 5cff55ee965eef1b0c9f86b703dd9ec9
Red Hat Security Advisory 2018-0395-01
Posted Mar 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0395-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2017-12188, CVE-2017-7518
MD5 | 41e50ef3330387866192c9597bea17a4
Ubuntu Security Notice USN-3488-1
Posted Nov 22, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3488-1 - It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code in the host OS.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-12188
MD5 | d34cb4725ea351f0b767b2b909e12fa3
Ubuntu Security Notice USN-3487-1
Posted Nov 22, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3487-1 - It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code in the host OS. It was discovered that on the PowerPC architecture, the kernel did not properly sanitize the signal stack when handling sigreturn. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000255, CVE-2017-12153, CVE-2017-12154, CVE-2017-12188, CVE-2017-12190, CVE-2017-12192, CVE-2017-14156, CVE-2017-14489, CVE-2017-14954, CVE-2017-15265, CVE-2017-15537, CVE-2017-15649, CVE-2017-16525, CVE-2017-16526, CVE-2017-16527, CVE-2017-16529, CVE-2017-16530, CVE-2017-16531, CVE-2017-16533, CVE-2017-16534
MD5 | 7ad11b332e12a1efd657b9f496e49a87
Ubuntu Security Notice USN-3484-3
Posted Nov 22, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3484-3 - It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code in the host OS.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-12188
MD5 | 66bacd47a663c0d54ece524add84d230
Ubuntu Security Notice USN-3484-2
Posted Nov 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3484-2 - USN-3484-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code in the host OS. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-12188
MD5 | 19e4db7ada05df9747621fb71935501e
Ubuntu Security Notice USN-3484-1
Posted Nov 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3484-1 - It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code in the host OS.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-12188
MD5 | 4e3b827121d1541ad1c6d68c8831039e
Page 1 of 1
Back1Next

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    2 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    18 Files
  • 18
    Jun 18th
    16 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close