Red Hat, Inc. (AV:A/AC:H/Au:S/C:N/I:N/A:C)

Red Hat, Inc. AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization (nVMX) feature enabled (nested=1), is vulnerable to a crash due to disabled external interrupts. As L2 guest could access (r/w) hardware CR8 register of the host(L0). In a nested visualization setup, L2 guest user could use this flaw to potentially crash the host(L0) resulting in DoS.

The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register.

https://access.redhat.com/security/cve/CVE-2017-12154 [No Types Assigned]

Red Hat, Inc. (AV:A/AC:H/Au:S/C:N/I:N/A:C)

Red Hat, Inc. AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register.

Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization (nVMX) feature enabled (nested=1), is vulnerable to a crash due to disabled external interrupts. As L2 guest could access (r/w) hardware CR8 register of the host(L0). In a nested visualization setup, L2 guest user could use this flaw to potentially crash the host(L0) resulting in DoS.

https://access.redhat.com/security/cve/CVE-2017-12154 [No Types Assigned]

CWE-284

NVD-CWE-noinfo

https://access.redhat.com/errata/RHSA-2019:1946 [No Types Assigned]

https://usn.ubuntu.com/3698-1/ [No Types Assigned]

https://usn.ubuntu.com/3698-2/ [No Types Assigned]

https://access.redhat.com/errata/RHSA-2018:0676 [No Types Assigned]

https://access.redhat.com/errata/RHSA-2018:1062 [No Types Assigned]

http://www.debian.org/security/2017/dsa-3981 [No Types Assigned]

OR
     *cpe:2.3:o:linux:linux_kernel:4.13.3:*:*:*:*:*:*:* (and previous)

(AV:L/AC:L/Au:N/C:P/I:P/A:N)

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-284

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f No Types Assigned

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f Issue Tracking, Patch, Third Party Advisory

http://www.securityfocus.com/bid/100856 No Types Assigned

http://www.securityfocus.com/bid/100856 Third Party Advisory, VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1491224 No Types Assigned

https://bugzilla.redhat.com/show_bug.cgi?id=1491224 Issue Tracking, Patch, Third Party Advisory

https://github.com/torvalds/linux/commit/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f No Types Assigned

https://github.com/torvalds/linux/commit/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f Issue Tracking, Patch, Third Party Advisory

https://www.spinics.net/lists/kvm/msg155414.html No Types Assigned

https://www.spinics.net/lists/kvm/msg155414.html Mailing List, Patch, Third Party Advisory

http://www.securityfocus.com/bid/100856 [No Types Assigned]