CVE-2018-12904 : In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualizat

In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL.

Published 2018-06-27 11:29:00

Updated 2019-10-03 00:03:26

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2018-12904

Linux » Linux Kernel
Versions before (<) 4.17.2
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-12904

EPSS FAQ

0.16%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 35 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-12904

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.4	MEDIUM	AV:L/AC:M/Au:N/C:P/I:P/A:P	3.4	6.4	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
4.9	MEDIUM	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L	1.4	3.4	NIST
Attack Vector: Local Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low

References for CVE-2018-12904

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=727ba748e110b4de50d142edca9d6a9b7e6111d8

kernel/git/torvalds/linux.git - Linux kernel source tree
Patch;Vendor Advisory
https://usn.ubuntu.com/3752-2/

USN-3752-2: Linux kernel (HWE) vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/3752-1/

USN-3752-1: Linux kernel vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://github.com/torvalds/linux/commit/727ba748e110b4de50d142edca9d6a9b7e6111d8

kvm: nVMX: Enforce cpl=0 for VMX instructions · torvalds/linux@727ba74 · GitHub
Patch;Third Party Advisory
https://www.exploit-db.com/exploits/44944/

KVM (Nested Virtualization) - L1 Guest Privilege Escalation
Exploit;Third Party Advisory;VDB Entry
https://usn.ubuntu.com/3752-3/

USN-3752-3: Linux kernel (Azure, GCP, OEM) vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://bugs.chromium.org/p/project-zero/issues/detail?id=1589

1589 - KVM (nested virtualization): privilege escalation in L1 guest - project-zero - Monorail
Exploit;Third Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.2

Release Notes;Vendor Advisory

Jump to

Vulnerability Details : CVE-2018-12904

Products affected by CVE-2018-12904

Exploit prediction scoring system (EPSS) score for CVE-2018-12904

CVSS scores for CVE-2018-12904

References for CVE-2018-12904