CVE-2017-17741

Public on 2018-01-18
Modified on 2018-02-21
Description
The Linux kernel, when compiled with KVM virtualization support (CONFIG_KVM), is vulnerable to an out-of-bounds read. It could occur when emulating vmcall instructions invoked by a guest. A guest user/process could use this flaw to disclose kernel memory bytes.
Severity
Low
CVSS v3 Base Score
4.1

Affected Packages

| Platform | Package | Release Date | Advisory |
|---|---|---|---|
| Amazon Linux 2 | kernel | 2018-02-20 21:23 | ALAS2-2018-956 |
| Amazon Linux 1 | kernel | 2018-02-20 21:20 | ALAS-2018-956 |
| Amazon Linux 1 | kernel | 2018-01-18 22:45 | ALAS-2018-944 |

CVSS Scores

| Score Type | Score | Vector |
|---|---|---|
| Amazon Linux CVSSv2 | 2.3 | AV:A/AC:M/Au:S/C:P/I:N/A:N |
| Amazon Linux CVSSv3 | 4.1 | CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N |
| NVD CVSSv2 | 2.1 | AV:L/AC:L/Au:N/C:P/I:N/A:N |
| NVD CVSSv3 | 6.5 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |