CVE-2017-12188 CrOS: Vulnerability reported in Linux kernel
Issue description

VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel.

Advisory: CVE-2017-12188
Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2017-12188
CVSS severity score: 6.9/10.0

Description:
arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an "MMU potential stack buffer overrun."

This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.
Nov 6 2017
Backport is non-trivial. Will wait for upstream resolution to avoid later conflicts.
Nov 6 2017
Dec 5 2017
Dec 5 2017
Upstream commit 829ee279aed4 ("KVM: MMU: always terminate page walks at level 1") says:
"This patch is also enough to fix CVE-2017-12188".
And:
"Fixes: 6bb69c9b69c315200ddc2bc79aee14c0184cf5b2"
Commit 6bb69c9b69c in turn is not in v4.4 and thus also not in chromeos-4.4 or earlier kernels. Thus, the problem does not apply to any chromeos kernels. Marking as WontFix.
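The triage step in the comment above (take the commit named in the fix's Fixes: trailer, then check whether the target branch carries it) can be scripted. This is an added example, not part of the original thread or of any Chromium OS tooling; `triage`, `read_branch_log` and the sample branch histories are hypothetical, and the backport markers it searches for are the usual stable-tree ("commit <sha> upstream") and `git cherry-pick -x` conventions.

```python
import re
import subprocess

FIXES_RE = re.compile(r"^Fixes:\s*([0-9a-f]{7,40})\b", re.M | re.I)
# Markers left when a commit is backported and therefore gets a new hash.
BACKPORT_RE = re.compile(
    r"commit ([0-9a-f]{7,40}) upstream|cherry picked from commit ([0-9a-f]{7,40})",
    re.I)

def same_commit(a, b):
    """Compare hashes that may be abbreviated to different lengths."""
    a, b = a.lower(), b.lower()
    return a.startswith(b) or b.startswith(a)

def read_branch_log(repo, branch):
    """Yield (hash, message) for every commit on branch of a local clone."""
    out = subprocess.run(
        ["git", "-C", repo, "log", "--format=%H%x00%B%x1e", branch],
        check=True, capture_output=True, text=True).stdout
    for record in out.split("\x1e"):
        if record.strip():
            commit_hash, message = record.strip().split("\x00", 1)
            yield commit_hash, message

def triage(fix_message, branch_log):
    """Return 'affected', 'not affected', or 'unknown' (no Fixes: trailer)."""
    introduced_by = FIXES_RE.findall(fix_message)
    if not introduced_by:
        return "unknown"
    for commit_hash, message in branch_log:
        refs = [commit_hash] + [a or b for a, b in BACKPORT_RE.findall(message)]
        if any(same_commit(r, sha) for r in refs for sha in introduced_by):
            return "affected"
    return "not affected"

# Subject and Fixes: value are the ones quoted in the comment above.
FIX_MESSAGE = """KVM: MMU: always terminate page walks at level 1

Fixes: 6bb69c9b69c315200ddc2bc79aee14c0184cf5b2
"""
# Constructed branch histories; hashes and subjects are made up for the example.
OLD_BRANCH = [("1" * 40, "constructed: unrelated change")]
BACKPORTED = [("2" * 40, "constructed: backport\n\n"
               "(cherry picked from commit 6bb69c9b69c315200ddc2bc79aee14c0184cf5b2)")]

if __name__ == "__main__":
    print(triage(FIX_MESSAGE, OLD_BRANCH))   # not affected
    print(triage(FIX_MESSAGE, BACKPORTED))   # affected
```

A "not affected" result only shows that neither the introducing commit's hash nor a backport marker for it is on the branch; code carried over without such a marker still needs a manual look at the affected file.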
Comment 1 by groeck@chromium.org, Nov 4 2017
Labels: Security_Severity-High Security_Impact-Stable M-63 Pri-1
Owner: groeck@chromium.org
Status: Assigned (was: Untriaged)