Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2018-12904

Good to know:

icon

Date: June 27, 2018

In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL.

Language: C

Severity Score

Related Resources (11)

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=727ba748e110b4de50d142edca9d6a9b7e6111d8
https://nvd.nist.gov/vuln/detail/CVE-2018-12904
https://github.com/torvalds/linux/commit/727ba748e110b4de50d142edca9d6a9b7e6111d8
https://bugs.chromium.org/p/project-zero/issues/detail?id=1589
https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12904
https://usn.ubuntu.com/3752-1/
https://usn.ubuntu.com/3752-2/
https://usn.ubuntu.com/3752-3/
https://www.exploit-db.com/exploits/44944/
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.2
https://www.mend.io/vulnerability-database/CVE-2018-12904

Severity Score

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

Insufficient Information

NVD-CWE-noinfo

Top Fix

icon

Upgrade Version

Upgrade to version linux-yocto - 4.8.24+gitAUTOINC+c84532b647_f6329fd287;linux-yocto - 4.10+gitAUTOINC+805ea440c7_b259a5d744

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us