CVE-2017-17741
medium
CVSS v3: 6.5
CVSS v2: 2.1
VIR risk: 6.5
Description
The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.
Predictions
Exploit likelihood: 65%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2017-17741
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2017-17741.html
Vendor advisory: cve@mitre.org — https://www.spinics.net/lists/kvm/msg160796.html
Vendor advisory: arch — https://security.archlinux.org/ASA-201801-4
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| arch | | fixed | 4.14.11.a-1 |
| sles | | affected | |
| debian | bookworm | fixed | 4.14.7-1 |
| debian | bullseye | fixed | 4.14.7-1 |
| debian | forky | fixed | 4.14.7-1 |
| debian | sid | fixed | 4.14.7-1 |
| debian | trixie | fixed | 4.14.7-1 |
| debian | 9.0 | affected | |
| linux-kernel | | affected | |
References
- https://security.archlinux.org/ASA-201801-4
- http://www.securityfocus.com/bid/102227
- https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3617-2/
- https://usn.ubuntu.com/3617-3/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3620-1/
- https://usn.ubuntu.com/3620-2/
- https://usn.ubuntu.com/3632-1/
- https://www.debian.org/security/2017/dsa-4073
- https://www.debian.org/security/2018/dsa-4082
- https://www.spinics.net/lists/kvm/msg160796.html
- https://www.suse.com/security/cve/CVE-2017-17741.html
- https://security-tracker.debian.org/tracker/CVE-2017-17741
CWEs
CWE-125