{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-01-13T00:00:00", "descriptions": [{"lang": "en", "value": "arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-08-24T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "95430", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95430"}, {"name": "1037603", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037603"}, {"name": "USN-3754-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3754-1/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/129a72a0d3c8e139a04512325384fe5ac119e74d"}, {"name": "DSA-3791", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3791"}, {"name": "[oss-security] 20170113 CVE-2017-2584 Kernel: kvm: use after free in complete_emulated_mmio", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2017/01/13/7"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=129a72a0d3c8e139a04512325384fe5ac119e74d"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413001"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-2584", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "95430", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95430"}, {"name": "1037603", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037603"}, {"name": "USN-3754-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3754-1/"}, {"name": "https://github.com/torvalds/linux/commit/129a72a0d3c8e139a04512325384fe5ac119e74d", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/129a72a0d3c8e139a04512325384fe5ac119e74d"}, {"name": "DSA-3791", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3791"}, {"name": "[oss-security] 20170113 CVE-2017-2584 Kernel: kvm: use after free in complete_emulated_mmio", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/01/13/7"}, {"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=129a72a0d3c8e139a04512325384fe5ac119e74d", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=129a72a0d3c8e139a04512325384fe5ac119e74d"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1413001", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413001"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T13:55:06.127Z"}, "title": "CVE Program Container", "references": [{"name": "95430", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/95430"}, {"name": "1037603", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037603"}, {"name": "USN-3754-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3754-1/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/129a72a0d3c8e139a04512325384fe5ac119e74d"}, {"name": "DSA-3791", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-3791"}, {"name": "[oss-security] 20170113 CVE-2017-2584 Kernel: kvm: use after free in complete_emulated_mmio", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2017/01/13/7"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=129a72a0d3c8e139a04512325384fe5ac119e74d"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413001"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-2584", "datePublished": "2017-01-15T02:00:00", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-08-05T13:55:06.127Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6EF8826-3017-454A-9684-A61AA69029DF", "versionEndIncluding": "4.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt."}, {"lang": "es", "value": "arch/x86/kvm/emulate.c en el kernel de Linux hasta la versi\u00f3n 4.9.3 permite a usuarios locales obtener informaci\u00f3n sensible de memoria del kernel o provocar una denegaci\u00f3n de servicio (uso despu\u00e9s de liberaci\u00f3n de memoria) a trav\u00e9s de una aplicaci\u00f3n manipulada que aprovecha la emulaci\u00f3n de instrucciones para fxrstor, fxsave, sgdt y sidt."}], "id": "CVE-2017-2584", "lastModified": "2018-08-24T10:29:02.303", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-01-15T02:59:02.750", "references": [{"source": "secalert@redhat.com", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=129a72a0d3c8e139a04512325384fe5ac119e74d"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2017/dsa-3791"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2017/01/13/7"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/95430"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1037603"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413001"}, {"source": "secalert@redhat.com", "url": "https://github.com/torvalds/linux/commit/129a72a0d3c8e139a04512325384fe5ac119e74d"}, {"source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/3754-1/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2017:2077", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-693.rt56.617.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:1842", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-693.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}], "bugzilla": {"description": "Kernel: kvm: use after free in complete_emulated_mmio", "id": "1413001", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413001"}, "csaw": false, "cvss": {"cvss_base_score": "5.5", "cvss_scoring_vector": "AV:A/AC:H/Au:S/C:P/I:P/A:C", "status": "verified"}, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt."], "name": "CVE-2017-2584", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2017-01-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-2584\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2584"], "statement": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the version of Linux kernel as shipped with\nRed Hat Enterprise Linux 7.\nThis has been rated as having Low security impact and is not currently\nplanned to be addressed in future updates. For additional information, refer\nto the Red Hat Enterprise Linux Life Cycle:\nhttps://access.redhat.com/support/policy/updates/errata/", "threat_severity": "Low", "upstream_fix": "3.10.0 560.el7"}