#VU12296 Path traversal in Linux kernel - CVE-2017-12188
Published: April 30, 2018
Vulnerability identifier: #VU12296
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-12188
CWE-ID: CWE-22
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows an adjacent attacker to cause DoS condition or execute arbitrary code on the target system.
The weakness exists in arch/x86/kvm/mmu.c due to improper traversal of guest pagetable entries to resolve a guest virtual address when nested virtualisation is used. An adjacent attacker can cause the service to crash or execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists in arch/x86/kvm/mmu.c due to improper traversal of guest pagetable entries to resolve a guest virtual address when nested virtualisation is used. An adjacent attacker can cause the service to crash or execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Update to version 4.13.6.