Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-8106 (GCVE-0-2017-8106)
Vulnerability from cvelistv5 – Published: 2017-04-24 23:00 – Updated: 2024-09-16 23:41
VLAI?
EPSS
Summary
The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=195167"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.net/bugs/1678676"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-24T23:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=195167"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.net/bugs/1678676"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=195167",
"refsource": "MISC",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=195167"
},
{
"name": "https://launchpad.net/bugs/1678676",
"refsource": "MISC",
"url": "https://launchpad.net/bugs/1678676"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8106",
"datePublished": "2017-04-24T23:00:00.000Z",
"dateReserved": "2017-04-24T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:41:42.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2017-AVI-162
Vulnerability from certfr_avis - Published: 2017-05-22 - Updated: 2017-05-22
De multiples vulnérabilités ont été corrigées dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise Module pour Public Cloud 12 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP1 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 12-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 12-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 12-SP1 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Module pour Public Cloud 12",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP1",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 12-SP1",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 12-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 12-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-2117",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2117"
},
{
"name": "CVE-2017-7308",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7308"
},
{
"name": "CVE-2017-6348",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6348"
},
{
"name": "CVE-2017-2647",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2647"
},
{
"name": "CVE-2017-6353",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6353"
},
{
"name": "CVE-2017-6346",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6346"
},
{
"name": "CVE-2017-6951",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6951"
},
{
"name": "CVE-2015-1350",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1350"
},
{
"name": "CVE-2017-7645",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7645"
},
{
"name": "CVE-2016-3070",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3070"
},
{
"name": "CVE-2017-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6345"
},
{
"name": "CVE-2017-6214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6214"
},
{
"name": "CVE-2016-5243",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5243"
},
{
"name": "CVE-2017-7616",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7616"
},
{
"name": "CVE-2017-8106",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8106"
},
{
"name": "CVE-2017-7294",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7294"
},
{
"name": "CVE-2017-6074",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6074"
},
{
"name": "CVE-2017-2671",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2671"
},
{
"name": "CVE-2016-1004",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1004"
},
{
"name": "CVE-2016-1020",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1020"
},
{
"name": "CVE-2016-9588",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9588"
},
{
"name": "CVE-2017-5897",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5897"
},
{
"name": "CVE-2017-7187",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7187"
},
{
"name": "CVE-2016-9191",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9191"
},
{
"name": "CVE-2016-7117",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7117"
},
{
"name": "CVE-2017-5986",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5986"
},
{
"name": "CVE-2016-9604",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9604"
},
{
"name": "CVE-2017-7261",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7261"
},
{
"name": "CVE-2017-5669",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5669"
}
],
"initial_release_date": "2017-05-22T00:00:00",
"last_revision_date": "2017-05-22T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2017:1360-1 du 19 mai 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171360-1/"
}
],
"reference": "CERTFR-2017-AVI-162",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-05-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de SUSE\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2017:1360-1 du 19 mai 2017",
"url": null
}
]
}
CERTFR-2017-AVI-390
Vulnerability from certfr_avis - Published: 2017-11-03 - Updated: 2017-11-03
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE . Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Public Cloud 12 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server 12-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Public Cloud 12",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-12153",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12153"
},
{
"name": "CVE-2017-14106",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14106"
},
{
"name": "CVE-2017-1000365",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000365"
},
{
"name": "CVE-2017-15274",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15274"
},
{
"name": "CVE-2015-9004",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9004"
},
{
"name": "CVE-2017-8831",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8831"
},
{
"name": "CVE-2017-15649",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15649"
},
{
"name": "CVE-2017-2647",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2647"
},
{
"name": "CVE-2017-11176",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11176"
},
{
"name": "CVE-2017-7482",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7482"
},
{
"name": "CVE-2017-6346",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6346"
},
{
"name": "CVE-2017-10661",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10661"
},
{
"name": "CVE-2017-12762",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12762"
},
{
"name": "CVE-2017-9242",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9242"
},
{
"name": "CVE-2017-14051",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14051"
},
{
"name": "CVE-2017-6951",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6951"
},
{
"name": "CVE-2017-9074",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9074"
},
{
"name": "CVE-2017-8925",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8925"
},
{
"name": "CVE-2017-9077",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9077"
},
{
"name": "CVE-2016-10229",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10229"
},
{
"name": "CVE-2017-9076",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9076"
},
{
"name": "CVE-2017-12154",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12154"
},
{
"name": "CVE-2017-1000363",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000363"
},
{
"name": "CVE-2017-8106",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8106"
},
{
"name": "CVE-2017-15265",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15265"
},
{
"name": "CVE-2017-7487",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7487"
},
{
"name": "CVE-2017-7541",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7541"
},
{
"name": "CVE-2017-7542",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7542"
},
{
"name": "CVE-2017-14140",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14140"
},
{
"name": "CVE-2017-8924",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8924"
},
{
"name": "CVE-2017-7889",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7889"
},
{
"name": "CVE-2017-1000380",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000380"
},
{
"name": "CVE-2016-9604",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9604"
},
{
"name": "CVE-2017-8890",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8890"
},
{
"name": "CVE-2017-9075",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9075"
},
{
"name": "CVE-2017-7518",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7518"
},
{
"name": "CVE-2016-10277",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10277"
},
{
"name": "CVE-2017-12192",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12192"
},
{
"name": "CVE-2017-13080",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13080"
}
],
"initial_release_date": "2017-11-03T00:00:00",
"last_revision_date": "2017-11-03T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-390",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2017-11-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE . Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20172920-1 du 02 novembre 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172920-1/"
}
]
}
CNVD-2017-06741
Vulnerability from cnvd - Published: 2017-05-17
VLAI Severity ?
Title
Linux kernel拒绝服务漏洞(CNVD-2017-06741)
Description
Linux kernel是美国Linux基金会发布的操作系统Linux所使用的内核。
Linux内核3.12至3.15中的arch/x86/kvm/vmx.c中的handle_invept函数存在拒绝服务漏洞,允许特权的KVM客户机操作系统的用户通过单一上下文INVEPT指令导致拒绝服务(NULL指针取消引用和主机操作系统崩溃)NULL EPT指针。
Severity
中
Patch Name
Linux kernel拒绝服务漏洞(CNVD-2017-06741)的补丁
Patch Description
Linux kernel是美国Linux基金会发布的操作系统Linux所使用的内核。
Linux内核3.12至3.15中的arch/x86/kvm/vmx.c中的handle_invept函数存在拒绝服务漏洞,允许特权的KVM客户机操作系统的用户通过单一上下文INVEPT指令导致拒绝服务(NULL指针取消引用和主机操作系统崩溃)NULL EPT指针。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: https://bugzilla.kernel.org/show_bug.cgi?id=195167
Reference
https://launchpad.net/bugs/1678676
Impacted products
| Name | Linux kernel 3.12-3.15 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-8106",
"cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8106"
}
},
"description": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u53d1\u5e03\u7684\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\r\n\r\nLinux\u5185\u68383.12\u81f33.15\u4e2d\u7684arch/x86/kvm/vmx.c\u4e2d\u7684handle_invept\u51fd\u6570\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u5141\u8bb8\u7279\u6743\u7684KVM\u5ba2\u6237\u673a\u64cd\u4f5c\u7cfb\u7edf\u7684\u7528\u6237\u901a\u8fc7\u5355\u4e00\u4e0a\u4e0b\u6587INVEPT\u6307\u4ee4\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\uff08NULL\u6307\u9488\u53d6\u6d88\u5f15\u7528\u548c\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\u5d29\u6e83\uff09NULL EPT\u6307\u9488\u3002",
"discovererName": "minoura makoto",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://bugzilla.kernel.org/show_bug.cgi?id=195167",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-06741",
"openTime": "2017-05-17",
"patchDescription": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u53d1\u5e03\u7684\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\r\n\r\nLinux\u5185\u68383.12\u81f33.15\u4e2d\u7684arch/x86/kvm/vmx.c\u4e2d\u7684handle_invept\u51fd\u6570\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u5141\u8bb8\u7279\u6743\u7684KVM\u5ba2\u6237\u673a\u64cd\u4f5c\u7cfb\u7edf\u7684\u7528\u6237\u901a\u8fc7\u5355\u4e00\u4e0a\u4e0b\u6587INVEPT\u6307\u4ee4\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\uff08NULL\u6307\u9488\u53d6\u6d88\u5f15\u7528\u548c\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\u5d29\u6e83\uff09NULL EPT\u6307\u9488\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Linux kernel\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2017-06741\uff09\u7684\u8865\u4e01",
"products": {
"product": "Linux kernel 3.12-3.15"
},
"referenceLink": "https://launchpad.net/bugs/1678676",
"serverity": "\u4e2d",
"submitTime": "2017-04-26",
"title": "Linux kernel\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2017-06741\uff09"
}
FKIE_CVE-2017-8106
Vulnerability from fkie_nvd - Published: 2017-04-24 23:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://bugzilla.kernel.org/show_bug.cgi?id=195167 | Issue Tracking | |
| cve@mitre.org | https://launchpad.net/bugs/1678676 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.kernel.org/show_bug.cgi?id=195167 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.net/bugs/1678676 | Issue Tracking |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B291154A-4B91-4A0E-AAAE-716A8BB7BF99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D835FBA1-49DE-4184-BEC8-7ED2B3F7B0BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "080BD3C9-0606-4D9A-B7AE-3DF9F75B8FF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CCDF0F11-3DB4-41F6-B6D3-383857884258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB1772A-F4AA-4AB8-9FC9-10993A6A5B46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4DB5B4D7-C79C-448E-B0D4-A6A9C440F49C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7C9A32A2-C1EC-4463-B21F-79E6592C5339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DD8683B9-63EF-43D0-8E4F-2909429B47E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.8:*:*:*:*:*:*:*",
"matchCriteriaId": "91F6A187-E8B1-47CF-B375-FB453F8000F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.9:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4332E-E1D4-4B6E-B9FE-B33CCF083402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1949D7D6-7DD2-458B-89D3-B0090C8E9984",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BA23201B-8DC1-4694-8DD9-661BC78F152A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.12:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDB83D1-8A25-495E-BC27-0E2059255DEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.13:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF8D075-08F5-4CF4-8416-9963CA6B04D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1E4ED579-E7D9-434A-A357-3D9056784227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.15:*:*:*:*:*:*:*",
"matchCriteriaId": "79E9D537-1F1A-462B-A6D6-2DC4FF07A843",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.16:*:*:*:*:*:*:*",
"matchCriteriaId": "1B2AEF20-1F50-497D-AD1E-AC0ED7699DDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.17:*:*:*:*:*:*:*",
"matchCriteriaId": "93A7B9D2-EF81-4952-AD6F-C5870331F17E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.18:*:*:*:*:*:*:*",
"matchCriteriaId": "1BACD07E-51D7-4081-89E0-276FE3ADCEAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.19:*:*:*:*:*:*:*",
"matchCriteriaId": "D46AEA84-FDC3-41A3-9F63-D38290C9862F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.20:*:*:*:*:*:*:*",
"matchCriteriaId": "54C401E0-6258-4F25-82CF-B81B7624C509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.21:*:*:*:*:*:*:*",
"matchCriteriaId": "0810E4B6-1510-46A6-9519-127E226BDE01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.22:*:*:*:*:*:*:*",
"matchCriteriaId": "B7BA4A7A-FF32-4763-8278-08C2DEBAA05A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.23:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3E44C3-41FC-41A1-9ACF-1DD00DE06CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.24:*:*:*:*:*:*:*",
"matchCriteriaId": "860169C6-3AF9-4F00-869C-DE0DE289DF91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.25:*:*:*:*:*:*:*",
"matchCriteriaId": "51398597-A993-496F-84E4-993B74AC0508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.26:*:*:*:*:*:*:*",
"matchCriteriaId": "B9879AED-F53E-47D7-ACA1-E61EBF3133EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.27:*:*:*:*:*:*:*",
"matchCriteriaId": "048698BF-3B0C-449C-9D2A-81B5CAB4A27F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.28:*:*:*:*:*:*:*",
"matchCriteriaId": "D4EED7A3-B40C-4C02-80B7-1836A3C4C2A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.29:*:*:*:*:*:*:*",
"matchCriteriaId": "4B72AFA7-C594-4BCF-BB79-F3EE675766A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.30:*:*:*:*:*:*:*",
"matchCriteriaId": "5195ED19-4482-435C-9224-20B0EDF6F114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.31:*:*:*:*:*:*:*",
"matchCriteriaId": "D6AC043B-EACB-406C-B4D0-7B22CF8B0EEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.32:*:*:*:*:*:*:*",
"matchCriteriaId": "FEA5C700-05F9-4077-ACE6-8A7EE033B464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.33:*:*:*:*:*:*:*",
"matchCriteriaId": "BE74D9A2-DCD6-4E14-B061-972EB7CF1EE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.34:*:*:*:*:*:*:*",
"matchCriteriaId": "E50006B4-3AB0-4FF2-9111-F0E1191D243C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.35:*:*:*:*:*:*:*",
"matchCriteriaId": "B654475F-4C5F-485E-BB77-CFEF6D214C75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.36:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4304FA-0868-4A81-B6E4-FBDF84B153AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.37:*:*:*:*:*:*:*",
"matchCriteriaId": "2100C16C-437E-4EEC-BD04-D75CF3D02333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.38:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF474B9-2740-498C-909B-DBFD3FDC23CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.39:*:*:*:*:*:*:*",
"matchCriteriaId": "88F0A015-6CF7-4528-9CF9-E0E76CB3E1D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.40:*:*:*:*:*:*:*",
"matchCriteriaId": "09723483-B241-4D82-862C-AA0098F680CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.41:*:*:*:*:*:*:*",
"matchCriteriaId": "A084853B-91CB-4964-A498-9B4208152138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.42:*:*:*:*:*:*:*",
"matchCriteriaId": "A19BA782-DCFB-48B6-973C-3AD050ED51F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.43:*:*:*:*:*:*:*",
"matchCriteriaId": "F87E856E-AD83-4EBF-BD06-4736B9116083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.44:*:*:*:*:*:*:*",
"matchCriteriaId": "04D914E1-7229-4642-BDC9-5A8261E03538",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.45:*:*:*:*:*:*:*",
"matchCriteriaId": "BFDC2E5D-EF73-4DED-8E4C-8309BA53A092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.46:*:*:*:*:*:*:*",
"matchCriteriaId": "9406CC5F-6D28-4836-BDD4-A50674F1333D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.47:*:*:*:*:*:*:*",
"matchCriteriaId": "124ADC63-CDA6-4A27-A844-4F33DB6A4031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.48:*:*:*:*:*:*:*",
"matchCriteriaId": "40FD9974-27BC-4DE4-9CB0-FC2D0CAA1D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.49:*:*:*:*:*:*:*",
"matchCriteriaId": "72559629-4BB1-4651-BEF7-B6E74683C401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.50:*:*:*:*:*:*:*",
"matchCriteriaId": "8648EF03-5B27-40BD-90A0-59DC8120440B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.51:*:*:*:*:*:*:*",
"matchCriteriaId": "8C26111E-EF43-4CFA-977E-6658A7B62C27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.52:*:*:*:*:*:*:*",
"matchCriteriaId": "06A8E46E-7CAB-49E2-A1DD-F146FBBBA19E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.53:*:*:*:*:*:*:*",
"matchCriteriaId": "7799F2BF-9C85-444A-970A-6F245463425F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.54:*:*:*:*:*:*:*",
"matchCriteriaId": "91854A06-32BC-4C9F-AA63-BA32F2B385DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.55:*:*:*:*:*:*:*",
"matchCriteriaId": "33509600-67E3-4C78-B0C4-4D62D70FCD94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.56:*:*:*:*:*:*:*",
"matchCriteriaId": "10237625-21BB-43A0-A7A2-EE662703391E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.57:*:*:*:*:*:*:*",
"matchCriteriaId": "11E6E8FD-CAA5-4A93-ABD5-815B51D7DE9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.58:*:*:*:*:*:*:*",
"matchCriteriaId": "3C3B5CB0-C094-471A-A6D5-2FBC91384FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.12.59:*:*:*:*:*:*:*",
"matchCriteriaId": "B77FCA1E-99B4-4D10-9A59-65FE265C9DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "50513044-C297-4D5E-BD45-6FD603A29F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.14.67:*:*:*:*:*:*:*",
"matchCriteriaId": "E4CB47E3-1DF7-4FB1-A436-F7648C8F0EEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.14.68:*:*:*:*:*:*:*",
"matchCriteriaId": "F48C8632-E8C5-4907-AEDC-1B33D8A5AF04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "F5827B65-9941-4927-8D47-57229EEA290F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer."
},
{
"lang": "es",
"value": "La funci\u00f3n handle_invept de arch/x86/kvm/vmx.c del Kernel de Linux, versiones 3.12 a 3.15, permite a los usuarios privilegiados del sistema operativo hu\u00e9sped de KVM causar una denegaci\u00f3n de servicio (referencia a puntero nulo y ca\u00edda del sistema operativo anfitri\u00f3n) a trav\u00e9s de una instrucci\u00f3n single-context INVEPT con puntero EPT nulo."
}
],
"id": "CVE-2017-8106",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-24T23:59:00.753",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=195167"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://launchpad.net/bugs/1678676"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=195167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://launchpad.net/bugs/1678676"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2017-8106
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-8106",
"description": "The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer.",
"id": "GSD-2017-8106",
"references": [
"https://www.suse.com/security/cve/CVE-2017-8106.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-8106"
],
"details": "The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer.",
"id": "GSD-2017-8106",
"modified": "2023-12-13T01:21:09.170377Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=195167",
"refsource": "MISC",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=195167"
},
{
"name": "https://launchpad.net/bugs/1678676",
"refsource": "MISC",
"url": "https://launchpad.net/bugs/1678676"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.27:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.38:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.45:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.47:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.52:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.54:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.14.67:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.14.68:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.26:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.41:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.42:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.43:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.56:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.58:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.59:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.48:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.49:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.51:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.37:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.39:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.44:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.53:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.55:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8106"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.net/bugs/1678676",
"refsource": "MISC",
"tags": [
"Issue Tracking"
],
"url": "https://launchpad.net/bugs/1678676"
},
{
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=195167",
"refsource": "MISC",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=195167"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2017-05-05T12:50Z",
"publishedDate": "2017-04-24T23:59Z"
}
}
}
GHSA-XV97-PM64-W44M
Vulnerability from github – Published: 2022-05-17 02:46 – Updated: 2022-05-17 02:46
VLAI?
Details
The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer.
Severity ?
5.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2017-8106"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-24T23:59:00Z",
"severity": "MODERATE"
},
"details": "The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer.",
"id": "GHSA-xv97-pm64-w44m",
"modified": "2022-05-17T02:46:59Z",
"published": "2022-05-17T02:46:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8106"
},
{
"type": "WEB",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=195167"
},
{
"type": "WEB",
"url": "https://launchpad.net/bugs/1678676"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
CVE-2017-8106
Vulnerability from fstec - Published: 25.04.2017
VLAI Severity ?
Title
Уязвимость операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость функции handle invept в arch/x86/kvm/vmx.c операционной системы Linux связана с ошибками разыменования указателей. Эксплуатация уязвимости может позволить нарушителю, действующему локально, вызвать отказ в обслуживании (разыменование нулевого указателя) с помощью одно контекстной INVEPT инструкции с нулевым EPT указателем
Severity ?
Vendor
Сообщество свободного программного обеспечения
Software Name
Linux
Software Version
от 3.12 до 3.15 включительно (Linux)
Possible Mitigations
Использование рекомендаций:
https://bugzilla.kernel.org/show_bug.cgi?id=195167
https://launchpad.net/bugs/1678676
Reference
https://bugzilla.kernel.org/show_bug.cgi?id=195167
https://launchpad.net/bugs/1678676
CWE
CWE-476
{
"CVSS 2.0": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS 3.0": null,
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 3.12 \u0434\u043e 3.15 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://bugzilla.kernel.org/show_bug.cgi?id=195167\nhttps://launchpad.net/bugs/1678676",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "25.04.2017",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "15.05.2017",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2017-01145",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2017-8106",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Linux",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f NULL (CWE-476)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 handle invept \u0432 arch/x86/kvm/vmx.c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u0435\u0439. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 (\u0440\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f) \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043e\u0434\u043d\u043e \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u043d\u043e\u0439 INVEPT \u0438\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u0438 \u0441 \u043d\u0443\u043b\u0435\u0432\u044b\u043c EPT \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u0435\u043c",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://bugzilla.kernel.org/show_bug.cgi?id=195167\nhttps://launchpad.net/bugs/1678676",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-476",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,9)"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…