{"id":"CVE-2017-12188","details":"arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an \"MMU potential stack buffer overrun.\"","modified":"2026-04-16T06:26:27.505929061Z","published":"2017-10-11T15:29:00.180Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/101267"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0395"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0412"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500380"},{"type":"FIX","url":"https://patchwork.kernel.org/patch/9996579/"},{"type":"FIX","url":"https://patchwork.kernel.org/patch/9996587/"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12188.json","unresolved_ranges":[{"events":[{"introduced":"4.6"},{"fixed":"4.9.57"}]},{"events":[{"introduced":"4.10"},{"fixed":"4.13.8"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}]}