CVE-2017-1000407

Current Description

The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.

Basic Data

PublishedDecember 11, 2017
Last ModifiedMay 14, 2019
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-754
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:A/AC:L/Au:N/C:N/I:N/A:C
CVSS 2 - Access VectorADJACENT_NETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score6.1
SeverityMEDIUM
Exploitability Score6.5
Impact Score6.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

CVSS 3 - Version3.0
CVSS 3 - Vector StringCVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CVSS 3 - Attack VectorADJACENT_NETWORK
CVSS 3 - Attack ComplexityLOW
CVSS 3 - Privileges RequiredNONE
CVSS 3 - User InteractionNONE
CVSS 3 - ScopeCHANGED
CVSS 3 - Confidentiality ImpactNONE
CVSS 3 - Integrity ImpactNONE
CVSS 3 - Availability ImpactHIGH
CVSS 3 - Base Score7.4
CVSS 3 - Base SeverityHIGH
Exploitability Score2.8
Base SeverityHIGH

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationRedhatVirtualization Host4.0*******
    2.3OSRedhatEnterprise Linux Desktop7.0*******
    2.3OSRedhatEnterprise Linux Server7.0*******
    2.3OSRedhatEnterprise Linux Server Aus7.6*******
    2.3OSRedhatEnterprise Linux Server Eus7.6*******
    2.3OSRedhatEnterprise Linux Server Tus7.6*******
    2.3OSRedhatEnterprise Linux Workstation7.0*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSLinuxLinux Kernel********2.6.324.15
    2.3OSLinuxLinux Kernel4.15rc1******
    2.3OSLinuxLinux Kernel4.15rc2******
  • OR - Configuration 3
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSDebianDebian Linux7.0*******
    2.3OSDebianDebian Linux8.0*******
    2.3OSDebianDebian Linux9.0*******
  • OR - Configuration 4
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSCanonicalUbuntu Linux12.04***esm***
    2.3OSCanonicalUbuntu Linux14.04***lts***
    2.3OSCanonicalUbuntu Linux16.04***lts***
    2.3OSCanonicalUbuntu Linux17.10*******

Vulnerable Software List

VendorProductVersions
Debian Debian Linux 7.0, 8.0, 9.0
Redhat Enterprise Linux Workstation 7.0
Redhat Virtualization Host 4.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server Aus 7.6
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Eus 7.6
Redhat Enterprise Linux Server 7.0
Canonical Ubuntu Linux 12.04, 14.04, 16.04, 17.10
Linux Linux Kernel *, 4.15

References

NameSourceURLTags
[oss-security] 20171204 CVE-2017-1000407 Kernel: KVM: DoS via write flood to I/O port 0x80http://www.openwall.com/lists/oss-security/2017/12/04/2MLISTMailing List Patch Third Party Advisory
102038http://www.securityfocus.com/bid/102038BIDThird Party Advisory VDB Entry
RHSA-2018:0676https://access.redhat.com/errata/RHSA-2018:0676REDHATThird Party Advisory
RHSA-2018:1062https://access.redhat.com/errata/RHSA-2018:1062REDHATThird Party Advisory
RHSA-2019:1170https://access.redhat.com/errata/RHSA-2019:1170REDHAT
https://access.redhat.com/security/cve/cve-2017-1000407https://access.redhat.com/security/cve/cve-2017-1000407CONFIRMThird Party Advisory
[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security updatehttps://lists.debian.org/debian-lts-announce/2017/12/msg00004.htmlMLISTMailing List Third Party Advisory
USN-3583-1https://usn.ubuntu.com/3583-1/UBUNTUThird Party Advisory
USN-3583-2https://usn.ubuntu.com/3583-2/UBUNTUThird Party Advisory
USN-3617-1https://usn.ubuntu.com/3617-1/UBUNTUThird Party Advisory
USN-3617-2https://usn.ubuntu.com/3617-2/UBUNTUThird Party Advisory
USN-3619-1https://usn.ubuntu.com/3619-1/UBUNTUThird Party Advisory
USN-3619-2https://usn.ubuntu.com/3619-2/UBUNTUThird Party Advisory
USN-3632-1https://usn.ubuntu.com/3632-1/UBUNTUThird Party Advisory
DSA-4073https://www.debian.org/security/2017/dsa-4073DEBIANThird Party Advisory
DSA-4082https://www.debian.org/security/2018/dsa-4082DEBIANThird Party Advisory
[kvm] 20171201 [PATCH 1/2] KVM: VMX: remove I/O port 0x80 bypass on Intel hostshttps://www.spinics.net/lists/kvm/msg159809.htmlMLISTPatch