CVE-2017-17741

{"id": "CVE-2017-17741", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 2.0}]}, "published": "2017-12-18T08:29:00.210", "references": [{"url": "http://www.securityfocus.com/bid/102227", "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html", "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3617-1/", "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3617-2/", "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3617-3/", "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3619-1/", "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3619-2/", "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3620-1/", "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3620-2/", "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3632-1/", "source": "cve@mitre.org"}, {"url": "https://www.debian.org/security/2017/dsa-4073", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.debian.org/security/2018/dsa-4082", "source": "cve@mitre.org"}, {"url": "https://www.spinics.net/lists/kvm/msg160796.html", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/102227", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/3617-1/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/3617-2/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/3617-3/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/3619-1/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/3619-2/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/3620-1/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/3620-2/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/3632-1/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.debian.org/security/2017/dsa-4073", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.debian.org/security/2018/dsa-4082", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.spinics.net/lists/kvm/msg160796.html", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h."}, {"lang": "es", "value": "La implementaci\u00f3n KVM en el kernel de Linux hasta la versi\u00f3n 4.14.7 permite que atacantes remotos obtengan informaci\u00f3n potencialmente sensible de la memoria del kernel. Esto tambi\u00e9n se conoce como una lectura fuera de l\u00edmites basada en pila write_mmio y est\u00e1 relacionado con arch/x86/kvm/x86.c e include/trace/events/kvm.h."}], "lastModified": "2025-04-20T01:37:25.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCF53DC7-5CFD-4A54-AABC-71D623665F85", "versionEndIncluding": "4.14.7"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}