CVE-2017-2584

Опубликовано: 11 янв. 2017

Источник: redhat

CVSS3: 7.1

CVSS2: 5.5

Описание

arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.

Отчет

This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. This issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 7. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise MRG 2	realtime-kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Fixed	RHSA-2017:2077	01.08.2017
Red Hat Enterprise Linux 7	kernel	Fixed	RHSA-2017:1842	01.08.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=1413001Kernel: kvm: use after free in complete_emulated_mmio

7.1 High

CVSS3

5.5 Medium

CVSS2

Связанные уязвимости

CVE-2017-2584

CVSS3: 7.1

ubuntu

около 9 лет назад

CVE-2017-2584

CVSS3: 7.1

nvd

около 9 лет назад

CVE-2017-2584

CVSS3: 7.1

debian

около 9 лет назад

arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local ...

GHSA-jhcg-4vw7-q849

CVSS3: 7.1

github

больше 3 лет назад

openSUSE-SU-2017:0456-1

suse-cvrf

почти 9 лет назад

Security update for the Linux Kernel

7.1 High

CVSS3

5.5 Medium

CVSS2