Bug 1527112 (CVE-2017-17741) - CVE-2017-17741 kernel: kvm: stack-based out-of-bounds read via vmcall instruction
Summary: CVE-2017-17741 kernel: kvm: stack-based out-of-bounds read via vmcall instruc...
Status: CLOSED CURRENTRELEASE
Alias: CVE-2017-17741
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=low,public=20171211,reported=2...
Keywords: Security
Depends On: 1527113 1527114
Blocks: 1527116
Reported: 2017-12-18 15:12 UTC by Adam Mariš
Modified: 2019-05-16 08:05 UTC (History)
Linux kernel compiled with the KVM virtualization (CONFIG_KVM) support is vulnerable to an out-of-bounds read access issue. It could occur when emulating vmcall instructions invoked by a guest. A guest user/process could use this flaw to disclose kernel memory bytes.
Clone Of:
Last Closed: 2018-11-16 15:26:22 UTC

Description Adam Mariš 2017-12-18 15:12:49 UTC
Linux kernel built with the KVM virtualization (CONFIG_KVM) support is vulnerable
to an out-of-bounds read access issue. It could occur when emulating the vmcall instruction invoked by a guest.

A guest user/process could use this flaw to disclose kernel memory bytes.

Upstream patch:
---------------
  -> https://www.spinics.net/lists/kvm/msg160796.html

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2017/12/19/2

Comment 1 Adam Mariš 2017-12-18 15:17:20 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1527113]

Comment 5 Vladis Dronov 2018-01-04 17:48:12 UTC
Reproducer:

Comment 6 Eric Christensen 2018-01-04 18:27:30 UTC
Statement:

This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.

This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 6 and 7.

This has been rated as having Low security impact and is not currently
planned to be addressed in future updates. For additional information, refer
to the Red Hat Enterprise Linux Life Cycle:
https://access.redhat.com/support/policy/updates/errata/.

Comment 8 Paolo Bonzini 2018-11-16 15:26:22 UTC
Fixed by upstream commit e39d200fa5bf5b94a0948db0dae44c1b73b84a56, included in Linux 4.15