CVE-2017-7518 MEDIUM

CVE-2017-7518

Vendor [Unknown]
Product Kernel:
Weakness CWE-250
Published July 30, 2018
Last update August 5, 2024

CVSS base score

5.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this.

Key dates

02Disclosure timeline

July 30, 2018 CVE published
August 5, 2024 Record updated