CVE-2017-12154
Description
The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Insufficient CR8 control validation in KVM nested virtualization allows L2 guests to read/write the host CR8 register, leading to potential denial of service.
Vulnerability
The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through version 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls are present when the L1 hypervisor omits the "use TPR shadow" vmcs12 control. This occurs in nested virtualization (nVMX) scenarios, allowing KVM L2 guest OS users to access the hardware CR8 register.
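The missing invariant described above, as an added example (a simplified user-space model, not the kernel's code): the function names and the constructed L0 base value are hypothetical, while the three bit values are the primary processor-based control bits the description names.

```c
#include <stdint.h>
#include <stdio.h>

/* Primary processor-based VM-execution control bits (Intel SDM; the kernel
 * exposes the same values as CPU_BASED_* macros). */
#define CPU_BASED_CR8_LOAD_EXITING  0x00080000u
#define CPU_BASED_CR8_STORE_EXITING 0x00100000u
#define CPU_BASED_TPR_SHADOW        0x00200000u
#define CR8_EXITING (CPU_BASED_CR8_LOAD_EXITING | CPU_BASED_CR8_STORE_EXITING)

/* Hypothetical model of building the vmcs02 controls: L0's base controls with
 * L0's own TPR shadow dropped, OR-ed with what L1 requested in vmcs12.
 * enforce = 0 models the behaviour in the description; enforce = 1 adds the
 * check it says was missing. */
static uint32_t merge_vmcs02_exec_control(uint32_t l0_base, uint32_t vmcs12_ctl,
                                          int enforce)
{
    uint32_t ctl = (l0_base & ~CPU_BASED_TPR_SHADOW) | vmcs12_ctl;

    if (enforce && !(ctl & CPU_BASED_TPR_SHADOW))
        ctl |= CR8_EXITING;   /* no TPR shadow: every CR8 access must trap */
    return ctl;
}

/* Invariant: an L2 CR8 access either hits the TPR shadow or exits to L0. */
static int cr8_is_contained(uint32_t vmcs02_ctl)
{
    return (vmcs02_ctl & CPU_BASED_TPR_SHADOW) ||
           (vmcs02_ctl & CR8_EXITING) == CR8_EXITING;
}

int main(void)
{
    /* Constructed inputs: L0 itself uses TPR shadow, so its base controls
     * carry no CR8 exiting; L1 varies what it puts in vmcs12. */
    const uint32_t l0_base = CPU_BASED_TPR_SHADOW;
    const uint32_t vmcs12[] = { 0, CPU_BASED_TPR_SHADOW,
                                CPU_BASED_CR8_LOAD_EXITING };

    for (size_t i = 0; i < sizeof(vmcs12) / sizeof(vmcs12[0]); i++) {
        uint32_t before = merge_vmcs02_exec_control(l0_base, vmcs12[i], 0);
        uint32_t after  = merge_vmcs02_exec_control(l0_base, vmcs12[i], 1);
        printf("vmcs12=0x%08x  unchecked contained=%d  checked contained=%d\n",
               (unsigned)vmcs12[i], cr8_is_contained(before),
               cr8_is_contained(after));
    }
    return 0;
}
```

The same predicate can serve as a review or test assertion wherever nested controls are merged: a vmcs02 with neither TPR shadow nor both CR8 exits set leaves the hardware register reachable from L2.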
Exploitation
An attacker must have access to a KVM L2 guest and the L1 hypervisor must omit the "use TPR shadow" control in the vmcs12. Under these conditions, the L2 guest can perform read and write operations on the hardware CR8 register without proper restriction.
Impact
A local attacker within the L2 guest can read and write the hardware CR8 register, potentially leading to a denial of service (system crash) as reported in the Ubuntu advisory [4]. The vulnerability may also enable further attacks depending on system configuration.
Mitigation
Patches are available in updated kernel packages. For Red Hat Enterprise Linux, updates are provided via RHSA-2018:1062 [1] and RHSA-2019:1946 [2]. Ubuntu has released fixed kernel versions in USN-3698-1 [4]. Users should upgrade their kernel to the latest version to mitigate this vulnerability.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
References
- git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/ (nvd: Issue Tracking, Patch, Third Party Advisory)
- bugzilla.redhat.com/show_bug.cgi (nvd: Issue Tracking, Patch, Third Party Advisory)
- github.com/torvalds/linux/commit/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f (nvd: Issue Tracking, Patch, Third Party Advisory)
- www.spinics.net/lists/kvm/msg155414.html (nvd: Mailing List, Patch, Third Party Advisory)
- www.securityfocus.com/bid/100856 (nvd: Third Party Advisory, VDB Entry)
- www.debian.org/security/2017/dsa-3981 (nvd)
- access.redhat.com/errata/RHSA-2018:0676 (nvd)
- access.redhat.com/errata/RHSA-2018:1062 (nvd)
- access.redhat.com/errata/RHSA-2019:1946 (nvd)
- usn.ubuntu.com/3698-1/ (nvd)
- usn.ubuntu.com/3698-2/ (nvd)