Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 636380 (CVE-2017-12188)

Summary: kernel: KVM: MMU potential stack buffer overrun during page walks (CVE-2017-12188)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: KernelAssignee: Gentoo Kernel Security <security-kernel>
Status: RESOLVED FIXED    
Severity: critical CC: kernel
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2017-11-03 14:25:23 UTC 
CVE-2017-12188 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12188):
  arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested
  virtualisation is used, does not properly traverse guest pagetable entries
  to resolve a guest virtual address, which allows L1 guest OS users to
  execute arbitrary code on the host OS or cause a denial of service
  (incorrect index during page walking, and host OS crash), aka an "MMU
  potential stack buffer overrun."
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-26 00:29:24 UTC 
Fixed in 4.9.57, 4.14