High severity7.1NVD Advisory· Published Sep 26, 2017· Updated Jun 17, 2026
CVE-2017-12154
CVE-2017-12154
Description
The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
58- osv-coords56 versionspkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP2pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP3pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP2pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3pkg:rpm/suse/kernel-default&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP2pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP2pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/kernel-source&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP2pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/kernel-syms&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP2pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/kernel-xen&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/kgraft-patch-SLE12-SP1_Update_22&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/kgraft-patch-SLE12-SP1_Update_22&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/kgraft-patch-SLE12-SP1_Update_22&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_14&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012pkg:rpm/suse/kgraft-patch-SLE12-SP3_Update_4&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP3pkg:rpm/suse/kgraft-patch-SLE12_Update_28&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS
< 4.4.90-92.45.1+ 55 more
- (no CPE)range: < 4.4.90-92.45.1
- (no CPE)range: < 4.4.92-6.18.1
- (no CPE)range: < 4.4.90-92.45.1
- (no CPE)range: < 4.4.92-6.18.1
- (no CPE)range: < 3.12.74-60.64.63.1
- (no CPE)range: < 4.4.90-92.45.1
- (no CPE)range: < 4.4.92-6.18.1
- (no CPE)range: < 3.12.61-52.101.1
- (no CPE)range: < 4.4.90-92.45.1
- (no CPE)range: < 3.12.74-60.64.63.1
- (no CPE)range: < 4.4.90-92.45.1
- (no CPE)range: < 4.4.92-6.18.1
- (no CPE)range: < 4.4.90-92.45.1
- (no CPE)range: < 4.4.92-6.18.1
- (no CPE)range: < 3.12.74-60.64.63.1
- (no CPE)range: < 4.4.90-92.45.3
- (no CPE)range: < 4.4.92-6.18.3
- (no CPE)range: < 3.12.74-60.64.63.1
- (no CPE)range: < 4.4.90-92.45.1
- (no CPE)range: < 4.4.92-6.18.1
- (no CPE)range: < 4.4.88-18.1
- (no CPE)range: < 4.4.88-18.1
- (no CPE)range: < 4.4.90-92.45.1
- (no CPE)range: < 4.4.92-6.18.1
- (no CPE)range: < 3.12.74-60.64.63.1
- (no CPE)range: < 4.4.90-92.45.1
- (no CPE)range: < 4.4.92-6.18.1
- (no CPE)range: < 3.12.61-52.101.1
- (no CPE)range: < 4.4.90-92.45.1
- (no CPE)range: < 3.12.74-60.64.63.1
- (no CPE)range: < 4.4.90-92.45.1
- (no CPE)range: < 4.4.92-6.18.1
- (no CPE)range: < 3.12.74-60.64.63.1
- (no CPE)range: < 4.4.88-18.1
- (no CPE)range: < 4.4.90-92.45.1
- (no CPE)range: < 4.4.92-6.18.1
- (no CPE)range: < 3.12.74-60.64.63.1
- (no CPE)range: < 4.4.90-92.45.1
- (no CPE)range: < 4.4.92-6.18.1
- (no CPE)range: < 3.12.61-52.101.1
- (no CPE)range: < 4.4.90-92.45.1
- (no CPE)range: < 3.12.74-60.64.63.1
- (no CPE)range: < 4.4.90-92.45.1
- (no CPE)range: < 4.4.92-6.18.1
- (no CPE)range: < 3.12.74-60.64.63.1
- (no CPE)range: < 4.4.88-18.1
- (no CPE)range: < 3.12.74-60.64.63.1
- (no CPE)range: < 3.12.61-52.101.1
- (no CPE)range: < 3.12.74-60.64.63.1
- (no CPE)range: < 3.12.74-60.64.63.1
- (no CPE)range: < 1-2.1
- (no CPE)range: < 1-2.1
- (no CPE)range: < 1-2.1
- (no CPE)range: < 1-2.4
- (no CPE)range: < 1-4.3
- (no CPE)range: < 1-8.1
Patches
Vulnerability mechanics
References
11- git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/nvdIssue TrackingPatchThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
- github.com/torvalds/linux/commit/51aa68e7d57e3217192d88ce90fd5b8ef29ec94fnvdIssue TrackingPatchThird Party Advisory
- www.spinics.net/lists/kvm/msg155414.htmlnvdMailing ListPatchThird Party Advisory
- www.securityfocus.com/bid/100856nvdThird Party AdvisoryVDB Entry
- www.debian.org/security/2017/dsa-3981nvd
- access.redhat.com/errata/RHSA-2018:0676nvd
- access.redhat.com/errata/RHSA-2018:1062nvd
- access.redhat.com/errata/RHSA-2019:1946nvd
- usn.ubuntu.com/3698-1/nvd
- usn.ubuntu.com/3698-2/nvd
News mentions
0No linked articles in our index yet.