{
  "threat_severity" : "Low",
  "public_date" : "2017-12-11T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: kvm: stack-based out-of-bounds read via vmcall instruction",
    "id" : "1527112",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1527112"
  },
  "cvss" : {
    "cvss_base_score" : "2.3",
    "cvss_scoring_vector" : "AV:A/AC:M/Au:S/C:P/I:N/A:N",
    "status" : "draft"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.1",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
    "status" : "draft"
  },
  "cwe" : "CWE-125",
  "details" : [ "The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.", "Linux kernel compiled with the KVM virtualization (CONFIG_KVM) support is vulnerable to an out-of-bounds read access issue. It could occur when emulating vmcall instructions invoked by a guest. A guest user/process could use this flaw to disclose kernel memory bytes." ],
  "statement" : "This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.\nThis issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 6 and 7.\nThis has been rated as having Low security impact and is not currently\nplanned to be addressed in future updates. For additional information, refer\nto the Red Hat Enterprise Linux Life Cycle:\nhttps://access.redhat.com/support/policy/updates/errata/.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Will not fix",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Will not fix",
    "package_name" : "kernel-alt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Will not fix",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "fix_state" : "Not affected",
    "package_name" : "realtime-kernel",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-17741\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-17741" ],
  "name" : "CVE-2017-17741",
  "csaw" : false
}