CVE-2017-12168

Опубликовано: 18 нояб. 2016

Источник: redhat

CVSS3: 6.2

CVSS2: 5.2

EPSS Низкий

Описание

The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR).

An assertion failure issue was found in the Linux kernel's KVM hypervisor module built to support visualization on ARM64 architecture platforms. The failure could occur while accessing Performance Monitors Cycle Count Register (PMCCNTR) from a guest. A privileged guest user could use this flaw to crash the host kernel resulting in denial of service.

Отчет

This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise MRG 2	realtime-kernel	Not affected
Red Hat Enterprise Linux 7	kernel-alt	Fixed	RHEA-2017:3163	09.11.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-617

https://bugzilla.redhat.com/show_bug.cgi?id=1492984Kernel: kvm: ARM64: assert failure when accessing PMCCNTR register

EPSS

Процентиль: 16%

0.00052

Низкий

6.2 Medium

CVSS3

5.2 Medium

CVSS2

Связанные уязвимости

CVE-2017-12168

CVSS3: 6

ubuntu

больше 8 лет назад

CVE-2017-12168

CVSS3: 6

nvd

больше 8 лет назад

CVE-2017-12168

CVSS3: 6

debian

больше 8 лет назад

The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Lin ...

GHSA-2rfq-4jx8-3hp9

CVSS3: 6

github

больше 3 лет назад

EPSS

Процентиль: 16%

0.00052

Низкий

6.2 Medium

CVSS3

5.2 Medium

CVSS2