Denial of service in Linux kernel - CVE-2017-2583
Published: January 20, 2017 / Updated: June 30, 2017
Vulnerability identifier: #VU5183
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-2583
CWE-ID: CWE-264
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows an adjacent attacker to cause DoS condition.
The weakness exists due to improper emulation of "MOV SS, NULL selector" instruction by the load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel. A quest OS user can use a specially crafted and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
The weakness exists due to improper emulation of "MOV SS, NULL selector" instruction by the load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel. A quest OS user can use a specially crafted and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
How to mitigate CVE-2017-2583
Update to version 4.9.5.