CVE-2018-12904 - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

CVE-2018-12904 (NVD)

2018-06-27

In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL.

Products	Ubuntu_linux, Linux_kernel
Type	Permissions, Privileges, and Access Controls (CWE-264)
First patch	https://github.com/torvalds/linux/commit/727ba748e110b4de50d142edca9d6a9b7e6111d8
Relevant file/s	./arch/x86/kvm/vmx.c (modified, +13, -2)
Links	• http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=727ba748e110b4de50d142edca9d6a9b7e6111d8 • https://usn.ubuntu.com/3752-2/ • https://usn.ubuntu.com/3752-1/ • https://bugs.chromium.org/p/project-zero/issues/detail?id=1589 • https://www.exploit-db.com/exploits/44944/ More/Less (2) • https://usn.ubuntu.com/3752-3/ • https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.2

linux - Tree: 727ba748e1

(? files)

Filter Settings

All Files

Relevant Files

Vulnerable Files

Patched Files

Files

VS-Dark VS-Bright Monokai Darcula

Navigation

Patch data:

(on by default)

Patched area: