Description
arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an "MMU potential stack buffer overrun."
References (6)
Core 6
Core References
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:0412
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:0395
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
https://patchwork.kernel.org/patch/9996587/
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
https://patchwork.kernel.org/patch/9996579/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101267
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1500380
Scores
CVSS v3
7.8
EPSS
0.0044
EPSS Percentile
35.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-121
CWE-22
Status
published
Products (2)
linux/linux_kernel
4.6 - 4.9.57
n/a/Linux kernel
Linux kernel
Published
Oct 11, 2017
Tracked Since
Feb 18, 2026