CVE-2017-7518
First published: Fri Jun 23 2017(Updated: )
A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Enterprise Linux | =7.0 | |
| Redhat Enterprise Linux Desktop | =7.0 | |
| Redhat Enterprise Linux Server | =7.0 | |
| Redhat Enterprise Linux Server Aus | =7.4 | |
| Redhat Enterprise Linux Server Eus | =7.4 | |
| Redhat Enterprise Linux Server Eus | =7.5 | |
| Redhat Enterprise Linux Workstation | =7.0 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| Linux Linux kernel | <4.12 | |
| redhat/kernel | <4.12 | 4.12 |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.12.5-1 6.12.6-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2017/06/23/5
- http://www.securityfocus.com/bid/99263
- http://www.securitytracker.com/id/1038782
- https://access.redhat.com/articles/3290921
- https://access.redhat.com/errata/RHSA-2018:0395
- https://access.redhat.com/errata/RHSA-2018:0412
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3754-1/
- https://www.debian.org/security/2017/dsa-3981
- https://www.spinics.net/lists/kvm/msg151817.html
- https://launchpad.net/bugs/cve/CVE-2017-7518
- https://xenbits.xen.org/xsa/advisory-204.html
- https://www.spinics.net/lists/kvm/msg151819.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1464474
- https://bugzilla.redhat.com/show_bug.cgi?id=1464473
- https://www.openwall.com/lists/oss-security/2017/06/23/5
- https://git.kernel.org/linus/c8401dda2f0a00cd25c0af6a95ed50e478d25de4
- https://security-tracker.debian.org/tracker/CVE-2017-7518
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7518
- https://nvd.nist.gov/vuln/detail/CVE-2017-7518
- https://ubuntu.com/security/CVE-2017-7518
Frequently Asked Questions
What is CVE-2017-7518?
CVE-2017-7518 is a vulnerability found in the Linux kernel before version 4.12 that affects the KVM module.
What is the severity of CVE-2017-7518?
CVE-2017-7518 has a severity level of medium.
Which Linux kernel versions are affected by CVE-2017-7518?
Linux kernel versions before 4.12 are affected by CVE-2017-7518.
How can CVE-2017-7518 be exploited?
CVE-2017-7518 can be exploited by a user or process inside a guest using the trap flag (TF) bit in EFLAGS during the emulation of the syscall instruction.
Is there a fix available for CVE-2017-7518?
Yes, the fix for CVE-2017-7518 is available in the Linux kernel version 4.12 and later.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/last-modified-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-7518
- agent/references
- agent/remedy
- agent/tags
- agent/first-publish-date
- collector/usn-cve
- source/Ubuntu
- agent/event
- agent/description
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/7.0
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/7.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/7.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/7.4
- canonical/redhat enterprise linux server eus
- version/redhat enterprise linux server eus/7.4
- version/redhat enterprise linux server eus/7.5
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/7.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/debian debian linux/9.0
- vendor/linux
- canonical/linux linux kernel
- package-manager/redhat
- package-manager/debian