636380 – (CVE-2017-12188) kernel: KVM: MMU potential stack buffer overrun during page walks (CVE-2017-12188)

Bug 636380 (CVE-2017-12188) - kernel: KVM: MMU potential stack buffer overrun during page walks (CVE-2017-12188)

Summary: kernel: KVM: MMU potential stack buffer overrun during page walks (CVE-2017-1...

Status:	RESOLVED FIXED

Alias:	CVE-2017-12188

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	Normal critical (vote)
Assignee:	Gentoo Kernel Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2017-11-03 14:25 UTC by GLSAMaker/CVETool Bot
Modified:	2022-03-26 00:29 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2017-11-03 14:25:23 UTC

CVE-2017-12188 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12188):
  arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested
  virtualisation is used, does not properly traverse guest pagetable entries
  to resolve a guest virtual address, which allows L1 guest OS users to
  execute arbitrary code on the host OS or cause a denial of service
  (incorrect index during page walking, and host OS crash), aka an "MMU
  potential stack buffer overrun."

Comment 1 John Helmert III archtester

2022-03-26 00:29:24 UTC

Fixed in 4.9.57, 4.14