Improper privilege management in Linux kernel

#VU8696 Improper privilege management in Linux kernel

Cybersecurity Help s.r.o.

Published: 2017-10-05 | Updated: 2017-10-16

Vulnerability identifier: #VU8696

Vulnerability risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12154

CWE-ID: CWE-264

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.

The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register.

Mitigation
Install the latest version of Linux kernel 4.4.90, 4.13.5 or 4.9.53.

Vulnerable software versions

Linux kernel: 4.13 - 4.13.3, 4.9 - 4.9.54, 4.4 - 4.4.89

External links
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.90
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.53

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Red Hat update for kernel

Red Hat update for kernel-rt

Ubuntu update for Linux kernel

SUSE Linux update for the Linux Kernel

OpenSUSE Linux update for the Linux Kernel