CVE-2017-8106

ADVISORY - nist

Summary

The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer.

EPSS Score⁠: 0.00038 (0.106)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-476⁠

NULL Pointer Dereference

ADVISORY - redhat

CWE-476⁠

NULL Pointer Dereference

Impacted images

Advisories

NIST

CREATED

8 years ago

UPDATED

3 months ago

ADVISORY IDCVE-2017-8106⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

5.5medium

Debian

CREATED

8 years ago

UPDATED

4 months ago

ADVISORY IDCVE-2017-8106⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

8 years ago

UPDATED

4 months ago

ADVISORY IDCVE-2017-8106⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.5medium

Red Hat

CREATED

8 years ago

UPDATED

4 months ago

ADVISORY IDCVE-2017-8106⁠

EXPLOITABILITY SCORE

3.1

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.7medium