[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2018-12904Date: (C)2018-06-29   (M)2024-04-19


In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 4.9CVSS Score : 4.4
Exploit Score: 1.4Exploit Score: 3.4
Impact Score: 3.4Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: LOCALAccess Vector: LOCAL
Attack Complexity: HIGHAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: LOWAvailability: PARTIAL
Integrity: LOW 
Availability: LOW 
  
Reference:
EXPLOIT-DB-44944
USN-3752-1
USN-3752-2
USN-3752-3
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=727ba748e110b4de50d142edca9d6a9b7e6111d8
https://bugs.chromium.org/p/project-zero/issues/detail?id=1589
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.2
https://github.com/torvalds/linux/commit/727ba748e110b4de50d142edca9d6a9b7e6111d8

CPE    3
cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
cpe:/o:linux:linux_kernel
cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
OVAL    9
oval:org.secpod.oval:def:52113
oval:org.secpod.oval:def:704300
oval:org.secpod.oval:def:704301
oval:org.secpod.oval:def:53006
...

© SecPod Technologies