#VU5183 Denial of service in Linux kernel - CVE-2017-2583
Published: January 20, 2017 / Updated: June 30, 2017
Vulnerability identifier: #VU5183
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-2583
CWE-ID: CWE-264
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows an adjacent attacker to cause DoS condition.
The weakness exists due to improper emulation of "MOV SS, NULL selector" instruction by the load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel. A quest OS user can use a specially crafted and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
The weakness exists due to improper emulation of "MOV SS, NULL selector" instruction by the load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel. A quest OS user can use a specially crafted and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
Remediation
Update to version 4.9.5.