CVE-2017-17741 - Vulnerability Details - OpenCVE

The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/102227
https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html
https://nvd.nist.gov/vuln/detail/CVE-2017-17741
https://usn.ubuntu.com/3617-1/
https://usn.ubuntu.com/3617-2/
https://usn.ubuntu.com/3617-3/
https://usn.ubuntu.com/3619-1/
https://usn.ubuntu.com/3619-2/
https://usn.ubuntu.com/3620-1/
https://usn.ubuntu.com/3620-2/
https://usn.ubuntu.com/3632-1/
https://www.cve.org/CVERecord?id=CVE-2017-17741
https://www.debian.org/security/2017/dsa-4073
https://www.debian.org/security/2018/dsa-4082
https://www.spinics.net/lists/kvm/msg160796.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-12-18T08:00:00

Updated: 2024-08-05T20:59:17.618Z

Reserved: 2017-12-18T00:00:00

Link: CVE-2017-17741

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2017-12-18T08:29:00.210

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-17741

Redhat

Severity : Low

Publid Date: 2017-12-11T00:00:00Z

Links: CVE-2017-17741 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-12-18T00:00:00", "descriptions": [{"lang": "en", "value": "The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-04-24T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "USN-3617-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3617-1/"}, {"name": "USN-3619-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3619-2/"}, {"name": "DSA-4082", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4082"}, {"name": "USN-3617-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3617-3/"}, {"name": "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html"}, {"name": "USN-3632-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3632-1/"}, {"name": "102227", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102227"}, {"name": "USN-3620-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3620-2/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.spinics.net/lists/kvm/msg160796.html"}, {"name": "DSA-4073", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2017/dsa-4073"}, {"name": "USN-3617-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3617-2/"}, {"name": "USN-3620-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3620-1/"}, {"name": "USN-3619-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3619-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-17741", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-3617-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3617-1/"}, {"name": "USN-3619-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-2/"}, {"name": "DSA-4082", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4082"}, {"name": "USN-3617-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3617-3/"}, {"name": "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html"}, {"name": "USN-3632-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3632-1/"}, {"name": "102227", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102227"}, {"name": "USN-3620-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3620-2/"}, {"name": "https://www.spinics.net/lists/kvm/msg160796.html", "refsource": "MISC", "url": "https://www.spinics.net/lists/kvm/msg160796.html"}, {"name": "DSA-4073", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4073"}, {"name": "USN-3617-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3617-2/"}, {"name": "USN-3620-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3620-1/"}, {"name": "USN-3619-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:59:17.618Z"}, "title": "CVE Program Container", "references": [{"name": "USN-3617-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3617-1/"}, {"name": "USN-3619-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3619-2/"}, {"name": "DSA-4082", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4082"}, {"name": "USN-3617-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3617-3/"}, {"name": "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html"}, {"name": "USN-3632-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3632-1/"}, {"name": "102227", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/102227"}, {"name": "USN-3620-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3620-2/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.spinics.net/lists/kvm/msg160796.html"}, {"name": "DSA-4073", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2017/dsa-4073"}, {"name": "USN-3617-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3617-2/"}, {"name": "USN-3620-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3620-1/"}, {"name": "USN-3619-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3619-1/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-17741", "datePublished": "2017-12-18T08:00:00", "dateReserved": "2017-12-18T00:00:00", "dateUpdated": "2024-08-05T20:59:17.618Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CCF53DC7-5CFD-4A54-AABC-71D623665F85", "versionEndIncluding": "4.14.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h."}, {"lang": "es", "value": "La implementaci\u00f3n KVM en el kernel de Linux hasta la versi\u00f3n 4.14.7 permite que atacantes remotos obtengan informaci\u00f3n potencialmente sensible de la memoria del kernel. Esto tambi\u00e9n se conoce como una lectura fuera de l\u00edmites basada en pila write_mmio y est\u00e1 relacionado con arch/x86/kvm/x86.c e include/trace/events/kvm.h."}], "id": "CVE-2017-17741", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-18T08:29:00.210", "references": [{"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/102227"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3617-1/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3617-2/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3617-3/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3619-1/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3619-2/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3620-1/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3620-2/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3632-1/"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://www.debian.org/security/2017/dsa-4073"}, {"source": "cve@mitre.org", "url": "https://www.debian.org/security/2018/dsa-4082"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://www.spinics.net/lists/kvm/msg160796.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/102227"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3617-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3617-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3617-3/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3619-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3619-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3620-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3620-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3632-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://www.debian.org/security/2017/dsa-4073"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2018/dsa-4082"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://www.spinics.net/lists/kvm/msg160796.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: kvm: stack-based out-of-bounds read via vmcall instruction", "id": "1527112", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1527112"}, "csaw": false, "cvss": {"cvss_base_score": "2.3", "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:P/I:N/A:N", "status": "draft"}, "cvss3": {"cvss3_base_score": "4.1", "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-125", "details": ["The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.", "Linux kernel compiled with the KVM virtualization (CONFIG_KVM) support is vulnerable to an out-of-bounds read access issue. It could occur when emulating vmcall instructions invoked by a guest. A guest user/process could use this flaw to disclose kernel memory bytes."], "name": "CVE-2017-17741", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2017-12-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-17741\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-17741"], "statement": "This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.\nThis issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 6 and 7.\nThis has been rated as having Low security impact and is not currently\nplanned to be addressed in future updates. For additional information, refer\nto the Red Hat Enterprise Linux Life Cycle:\nhttps://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Low"}