CLD-46 Details

Other IDs this deficiency may be known by:

CVE ID: CVE-2017-12154 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s):

Basic Information:

Affected Package(s): linux
Deficiency Type: SECURITY
Date Created: 2017-09-22 09:58:41
Date Last Modified: 2017-10-05 09:20:56

Version Specific Information:

Cucumber 1.0 i686 fixed in linux-4.9.53-i686-1
Cucumber 1.0 x86_64 fixed in linux-4.9.53-x86_64-1

Cucumber 1.1 i686 fixed in linux-4.9.53-i686-1
Cucumber 1.1 x86_64 fixed in linux-4.9.53-x86_64-1

Details:

If L1 does not specify the "use TPR shadow" VM-execution control in
vmcs12, then L0 must specify the "CR8-load exiting" and "CR8-store
exiting" VM-execution controls in vmcs02. Failure to do so will give
the L2 VM unrestricted read/write access to the hardware CR8
(https://www.spinics.net/lists/kvm/msg155414.html).

This has been fixed in the mainline Linux kernel by commit
51aa68e7d57e3217192d88ce90fd5b8ef29ec94f. As of Fri Sep 22 10:19:45 EDT 2017,
this commit has yet to be applied to the 4.9 kernel.
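
The control-bit invariant described under Details can be modelled as a small check. This is an added example, not code from the kernel or from the referenced commit. The function names and the simplified merge step are assumptions made for illustration; the bit positions are those of the primary processor-based VM-execution controls in the Intel SDM.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Primary processor-based VM-execution control bits (Intel SDM). */
#define CTL_CR8_LOAD_EXITING  (1u << 19)
#define CTL_CR8_STORE_EXITING (1u << 20)
#define CTL_USE_TPR_SHADOW    (1u << 21)
#define CTL_CR8_EXITING (CTL_CR8_LOAD_EXITING | CTL_CR8_STORE_EXITING)

/* Hypothetical model of how L0 derives the vmcs02 controls for L2.
 * l0_base:    controls L0 uses for its own guests
 * vmcs12_ctl: controls L1 requested in vmcs12
 * enforce:    false models the deficient behaviour, true the corrected one */
uint32_t vmcs02_exec_control(uint32_t l0_base, uint32_t vmcs12_ctl, bool enforce)
{
    uint32_t ctl = l0_base;

    /* Assumed simplification: L1's TPR/CR8 choices replace L0's. */
    ctl &= ~(CTL_USE_TPR_SHADOW | CTL_CR8_EXITING);
    ctl |= vmcs12_ctl;

    /* No TPR shadow requested by L1: CR8 accesses must exit to L0. */
    if (enforce && !(ctl & CTL_USE_TPR_SHADOW))
        ctl |= CTL_CR8_EXITING;
    return ctl;
}

/* True if L2 could read or write the hardware CR8 without a VM exit. */
bool l2_has_raw_cr8_access(uint32_t vmcs02_ctl)
{
    if (vmcs02_ctl & CTL_USE_TPR_SHADOW)
        return false; /* accesses are redirected to the virtual TPR */
    return (vmcs02_ctl & CTL_CR8_EXITING) != CTL_CR8_EXITING;
}

int main(void)
{
    /* Constructed inputs: L0 uses a TPR shadow, L1 requests none. */
    uint32_t l0_base = CTL_USE_TPR_SHADOW, vmcs12_ctl = 0;
    uint32_t before = vmcs02_exec_control(l0_base, vmcs12_ctl, false);
    uint32_t after = vmcs02_exec_control(l0_base, vmcs12_ctl, true);

    printf("deficient: vmcs02=0x%08x raw CR8 access=%d\n",
           (unsigned)before, l2_has_raw_cr8_access(before));
    printf("corrected: vmcs02=0x%08x raw CR8 access=%d\n",
           (unsigned)after, l2_has_raw_cr8_access(after));
    return 0;
}
```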