Unrated severityNVD Advisory· Published Jun 27, 2018· Updated Aug 5, 2024

CVE-2018-12904

Description

In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL.

Affected products

osv-coords
pkg:rpm/suse/kernel-livepatch-SLE15_Update_0&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015
Range: < 2-4.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/44944/mitreexploitx_refsource_EXPLOIT-DB
usn.ubuntu.com/3752-1/mitrevendor-advisoryx_refsource_UBUNTU
usn.ubuntu.com/3752-2/mitrevendor-advisoryx_refsource_UBUNTU
usn.ubuntu.com/3752-3/mitrevendor-advisoryx_refsource_UBUNTU
git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/mitrex_refsource_MISC
bugs.chromium.org/p/project-zero/issues/detailmitrex_refsource_MISC
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.2mitrex_refsource_MISC
github.com/torvalds/linux/commit/727ba748e110b4de50d142edca9d6a9b7e6111d8mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000