CVE-2017-12154

{"id": "CVE-2017-12154", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2017-09-26T05:29:00.277", "references": [{"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2017/dsa-3981", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/100856", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2018:0676", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2018:1062", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2019:1946", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491224", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/torvalds/linux/commit/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://usn.ubuntu.com/3698-1/", "source": "secalert@redhat.com"}, {"url": "https://usn.ubuntu.com/3698-2/", "source": "secalert@redhat.com"}, {"url": "https://www.spinics.net/lists/kvm/msg155414.html", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the \"CR8-load exiting\" and \"CR8-store exiting\" L0 vmcs02 controls exist in cases where L1 omits the \"use TPR shadow\" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register."}, {"lang": "es", "value": "La funci\u00f3n prepare_vmcs02 en arch/x86/kvm/vmx.c en el kernel de Linux hasta la versi\u00f3n 4.13.3 no asegura que los controles L0 vmcs02 \"CR8-load exiting\" y \"CR8-store exiting\" existan en casos en los que L1 omite el control vmcs12 \"use TPR shadow\". Esto permite que los usuarios invitados del sistema operativo obtengan acceso de lectura y escritura al registro CR8 del hardware."}], "lastModified": "2023-02-12T23:27:26.600", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA1E2C32-ED0D-4E2B-A313-448CC0545ED2", "versionEndIncluding": "4.13.3"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}