Bug 1527112 – CVE-2017-17741 kernel: kvm: stack-based out-of-bounds read via vmcall instruction

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 1527112 - (CVE-2017-17741) CVE-2017-17741 kernel: kvm: stack-based out-of-bounds read via vmcall instruction

Summary:	CVE-2017-17741 kernel: kvm: stack-based out-of-bounds read via vmcall instruc...

Status:	NEW

Aliases:	CVE-2017-17741

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	low Severity low
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=low,public=20171211,reported=2...
Keywords:	Security

Depends On:	1527114 1527113
Blocks:	1527116
	Show dependency tree / graph

Reported:	2017-12-18 10:12 EST by Adam Mariš
Modified:	2018-08-28 18:28 EDT (History)
CC List:	45 users (show)

See Also:
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	Linux kernel compiled with the KVM virtualization (CONFIG_KVM) support is vulnerable to an out-of-bounds read access issue. It could occur when emulating vmcall instructions invoked by a guest. A guest user/process could use this flaw to disclose kernel memory bytes.
Story Points:	---
Clone Of:
Environment:
Last Closed:
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Adam Mariš 2017-12-18 10:12:49 EST

Linux kernel built with the KVM virtualization(CONFIG_KVM) support is vulnerable
to an out-of-bounds read access issue. It could occur when emulating vmcall instruction invoked by a guest.

A guest user/process could use this flaw to disclose kernel memory bytes.

Upstream patch:
---------------
  -> https://www.spinics.net/lists/kvm/msg160796.html

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2017/12/19/2

Comment 1 Adam Mariš 2017-12-18 10:17:20 EST

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1527113]

Comment 5 Vladis Dronov 2018-01-04 12:48:12 EST

Reproducer:

Comment 6 Eric Christensen 2018-01-04 13:27:30 EST

Statement:

This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.

This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 6 and 7.

This has been rated as having Low security impact and is not currently
planned to be addressed in future updates. For additional information, refer
to the Red Hat Enterprise Linux Life Cycle:
https://access.redhat.com/support/policy/updates/errata/.

Note You need to log in before you can comment on or make changes to this bug.

airlied
ajax
aquini
bhu
blc
bskeggs
dhoward
esammons
ewk
fhrbata
hdegoede
hkrzesin
hwkernel-mgr
iboverma
ichavero
itamar
jarodwilson
jeremy
jforbes
jglisse
jkacur
john.j5live
jonathan
josef
jross
jwboyer
kernel-maint
kernel-mgr
labbott
lgoncalv
linville
matt
mchehab
mcressma
mjg59
mlangsdo
nmurray
plougher
ppandit
rt-maint
rvrbovsk
skozina
steved
vdronov
williams