Note:
This project will be discontinued after December 13, 2021. [more]
2017-12-18
The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.
| Products | Debian_linux, Linux_kernel |
| Type | Out-of-bounds Read (CWE-125) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://www.debian.org/security/2018/dsa-4082
• https://usn.ubuntu.com/3620-2/ • https://www.spinics.net/lists/kvm/msg160796.html • https://usn.ubuntu.com/3617-2/ • https://usn.ubuntu.com/3620-1/
• https://usn.ubuntu.com/3619-2/
• https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html • https://www.debian.org/security/2017/dsa-4073 • https://usn.ubuntu.com/3617-3/ • https://usn.ubuntu.com/3617-1/ • https://usn.ubuntu.com/3619-1/ • http://www.securityfocus.com/bid/102227 • https://usn.ubuntu.com/3632-1/ |