Main Vulnerability Database Vulnerabilities #VU14178

#VU14178 Privilege escalation in Linux kernel - CVE-2018-10901

Published: August 2, 2018

Vulnerability identifier: #VU14178

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2018-10901

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Linux kernel

Software vendor:
Linux Foundation

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability existsin the Kernel-based Virtual Machine (KVM) virtualization subsystem due to the vmx.c source code file of the affected software fails to set the GDT.LIMIT value to the previous host value and instead sets it to 64 KB. A local attacker can place malicious entries in the Global Descriptor Table (GDT), submit a specially crafted request that submits malicious input and gain elevated privileges on the system.

Remediation

Install update from vendor's website.

External links

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3444d7da1839b851eefedd372978d8a982316c36

#VU14178 Privilege escalation in Linux kernel - CVE-2018-10901

Description

Remediation

External links

Please verify you're human