Main Vulnerability Database Vulnerabilities #VU13516

#VU13516 Privilege escalation in Linux kernel - CVE-2018-12904

Published: June 29, 2018

Vulnerability identifier: #VU13516

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2018-12904

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Linux kernel

Software vendor:
Linux Foundation

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to insufficient checking of the current privilege level (CPL) for Virtual Machine Extensions (VMX) instructions by the arch/x86/kvm/vmx.c source code file when nested virtualization is used. A local attacker can cause a targeted L1 Kernel-based Virtual Machine (KVM) guest to exit and gain elevated privileges on the targeted L1 system, which could be used to conduct further attacks.

Remediation

Install update from vendor's website.

External links

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=727ba748e110b4de50d142edca9d6a9b7e6111d8

#VU13516 Privilege escalation in Linux kernel - CVE-2018-12904

Description

Remediation

External links

Please verify you're human