Vulnerabilities > CVE-2018-12904
Attack vector
LOCAL Attack complexity
HIGH Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
LOW Summary
In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL.
Vulnerable Configurations
Exploit-Db
id | EDB-ID:44944 |
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3752-2.NASL description USN-3752-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that, when attempting to handle an out-of-memory situation, a NULL pointer dereference could be triggered in the Linux kernel in some circumstances. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1000200) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10323) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate xattr information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10840) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep meta-data information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10881) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 filesystem that caused a denial of service (system crash) when mounted. (CVE-2018-1093) Jann Horn discovered that the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 112110 published 2018-08-24 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112110 title Ubuntu 16.04 LTS : linux-hwe vulnerabilities (USN-3752-2) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3752-3.NASL description It was discovered that, when attempting to handle an out-of-memory situation, a NULL pointer dereference could be triggered in the Linux kernel in some circumstances. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1000200) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10323) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate xattr information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10840) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep meta-data information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10881) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 filesystem that caused a denial of service (system crash) when mounted. (CVE-2018-1093) Jann Horn discovered that the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 112189 published 2018-08-30 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112189 title Ubuntu 16.04 LTS / 18.04 LTS : linux-azure, linux-oem, linux-gcp vulnerabilities (USN-3752-3) NASL family Fedora Local Security Checks NASL id FEDORA_2018-B997780DCA.NASL description The 4.17.2 kernel rebase contains new drivers, new features, and a number of important fixes across the tree. ---- The v4.16.17 update includes important fixes across the tree Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-06-29 plugin id 110789 published 2018-06-29 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110789 title Fedora 27 : kernel / kernel-tools (2018-b997780dca) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3752-1.NASL description It was discovered that, when attempting to handle an out-of-memory situation, a NULL pointer dereference could be triggered in the Linux kernel in some circumstances. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1000200) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10323) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate xattr information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10840) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep meta-data information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10881) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 filesystem that caused a denial of service (system crash) when mounted. (CVE-2018-1093) Jann Horn discovered that the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 112109 published 2018-08-24 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112109 title Ubuntu 18.04 LTS : linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities (USN-3752-1)
References
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=727ba748e110b4de50d142edca9d6a9b7e6111d8
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=727ba748e110b4de50d142edca9d6a9b7e6111d8
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1589
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1589
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.2
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.2
- https://github.com/torvalds/linux/commit/727ba748e110b4de50d142edca9d6a9b7e6111d8
- https://github.com/torvalds/linux/commit/727ba748e110b4de50d142edca9d6a9b7e6111d8
- https://usn.ubuntu.com/3752-1/
- https://usn.ubuntu.com/3752-1/
- https://usn.ubuntu.com/3752-2/
- https://usn.ubuntu.com/3752-2/
- https://usn.ubuntu.com/3752-3/
- https://usn.ubuntu.com/3752-3/
- https://www.exploit-db.com/exploits/44944/
- https://www.exploit-db.com/exploits/44944/