7.8

CVE-2017-7518

A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatEnterprise Linux Version7.0
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
LinuxLinux Kernel Version < 4.12
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.7% 0.482
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
secalert@redhat.com 5.5 2.1 3.4
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE-250 Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

https://usn.ubuntu.com/3754-1/
Third Party Advisory
https://usn.ubuntu.com/3619-1/
Third Party Advisory
https://usn.ubuntu.com/3619-2/
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0395
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0412
Third Party Advisory
https://www.debian.org/security/2017/dsa-3981
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/06/23/5
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/99263
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038782
Third Party Advisory
VDB Entry
https://access.redhat.com/articles/3290921
Third Party Advisory
Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518
Patch
Third Party Advisory
Issue Tracking
https://www.spinics.net/lists/kvm/msg151817.html
Patch
Mailing List