CVE-2017-7518

MEDIUM

Linux kernel <4.12 - Privilege Escalation

Title source: llm

Description

A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this.

References (12)

[Mailing List, Patch, Third Party Advisory] http://www.openwall.com/lists/oss-security/2017/06/23/5

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/99263

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038782

[Permissions Required, Third Party Advisory] https://access.redhat.com/articles/3290921

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2018:0395

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2018:0412

[Issue Tracking, Patch, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518

[Third Party Advisory] https://usn.ubuntu.com/3619-1/

[Third Party Advisory] https://usn.ubuntu.com/3619-2/

[Third Party Advisory] https://usn.ubuntu.com/3754-1/

[Third Party Advisory] https://www.debian.org/security/2017/dsa-3981

[Mailing List, Patch] https://www.spinics.net/lists/kvm/msg151817.html

Scores

CVSS v3 5.5

EPSS 0.0009

EPSS Percentile 25.5%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-755 CWE-250

Status published

Affected Products (12)

redhat/enterprise_linux

redhat/enterprise_linux_desktop

redhat/enterprise_linux_server

redhat/enterprise_linux_server_aus

redhat/enterprise_linux_server_eus

redhat/enterprise_linux_server_eus

redhat/enterprise_linux_workstation

canonical/ubuntu_linux

canonical/ubuntu_linux

debian/debian_linux

debian/debian_linux

linux/linux_kernel < 4.12

Timeline

Published Jul 30, 2018

Tracked Since Feb 18, 2026