{"id":"CVE-2017-2596","details":"The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references.","modified":"2026-03-15T14:27:12.237251Z","published":"2017-02-06T06:59:00.450Z","related":["SUSE-SU-2017:1183-1","SUSE-SU-2017:1990-1"],"references":[{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3791"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/95878"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1842"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2077"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/01/31/4"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1417812"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"4.9.8"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-2596.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}]}