Main Vulnerability Database Vulnerabilities #VU13516

Privilege escalation in Linux kernel - CVE-2018-12904

Published: June 29, 2018

Vulnerability identifier: #VU13516

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2018-12904

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Linux Foundation

Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to insufficient checking of the current privilege level (CPL) for Virtual Machine Extensions (VMX) instructions by the arch/x86/kvm/vmx.c source code file when nested virtualization is used. A local attacker can cause a targeted L1 Kernel-based Virtual Machine (KVM) guest to exit and gain elevated privileges on the targeted L1 system, which could be used to conduct further attacks.

How to mitigate CVE-2018-12904

Install update from vendor's website.

Sources

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=727ba748e110b4de50d142edca9d6a9b7e6111d8

Privilege escalation in Linux kernel - CVE-2018-12904

Detailed vulnerability description

How to mitigate CVE-2018-12904

Sources

Please verify you're human