CVE-2017-1000252

MEDIUM

Linux Kernel < 4.13.3 - Denial of Service via Out-of-Bounds Guest IRQ Value

Title source: llm
STIX 2.1

Description

The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c.

References (13)

Core 13
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/101022
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1062
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2017/dsa-3981
Mailing List, Patch, Third Party Advisory x_refsource_confirm
https://marc.info/?l=kvm&m=150549146311117&w=2
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:0676
Mailing List, Patch, Third Party Advisory x_refsource_confirm
https://marc.info/?l=kvm&m=150549145711115&w=2
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1130
Mailing List, Patch, Third Party Advisory x_refsource_confirm
http://www.openwall.com/lists/oss-security/2017/09/15/4
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1490781

Scores

CVSS v3 5.5
EPSS 0.0045
EPSS Percentile 35.8%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-20 CWE-617
Status published
Products (1)
linux/linux_kernel < 4.13.3
Published Sep 26, 2017
Tracked Since Feb 18, 2026