OVAL Reference oval:com.ubuntu.trusty:def:201712188000

Oval Definition:

oval:com.ubuntu.trusty:def:201712188000

Revision Date:	2017-10-11	Version:	1
Title:	CVE-2017-12188 on Ubuntu 14.04 LTS (trusty) - high.
Description:	arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an "MMU potential stack buffer overrun." It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2017-12188
Platform(s):	Ubuntu 14.04 LTS	Product(s):
Definition Synopsis
Ubuntu 14.04 LTS (trusty) is installed. AND Package Information NOT While related to the CVE in some way, the 'linux' package in trusty is not affected. OR NOT While related to the CVE in some way, the 'linux-aws' package in trusty is not affected. OR NOT While related to the CVE in some way, the 'linux-azure' package in trusty is not affected (note: '4.15.0-1023.24~14.04.1'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'end-of-life'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'was needs-triage now end-of-life'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'end-of-life'). OR NOT While related to the CVE in some way, the 'linux-lts-xenial' package in trusty is not affected. OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').

BACK