CVE-2018-12904

In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL.

Published: Jun 27, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-12904
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.9
AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS v2:

Severity: Low
Score: 4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	-	4.17.2
canonical / ubuntu_linux	16.04	16.04.x
canonical / ubuntu_linux	18.04	18.04.x

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=727ba748e110b4de50d142edca9d6a9b7e6111d8
https://bugs.chromium.org/p/project-zero/issues/detail?id=1589
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.2
https://github.com/torvalds/linux/commit/727ba748e110b4de50d142edca9d6a9b7e6111d8
https://usn.ubuntu.com/3752-1/
https://usn.ubuntu.com/3752-2/
https://usn.ubuntu.com/3752-3/
https://www.exploit-db.com/exploits/44944/

Vulnerability Database

290,301

CVE-2018-12904