CVE-2018-10853
kernel: kvm: guest userspace to guest kernel write
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest.
Se ha encontrado un error en la forma en la que el hipervisor KVM del kernel de Linux en versiones anteriores a la 4.18 emulaba instrucciones como sgdt/sidt/fxsave/fxrstor. No comprobó el nivel de privilegios actual (CPL) al emular instrucciones sin privilegios. Un usuario invitado o un proceso sin privilegios podrían emplear este error para escalar sus privilegios en el invitado.
A flaw was found in the way Linux kernel KVM hypervisor emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-05-09 CVE Reserved
- 2018-09-11 CVE Published
- 2023-09-05 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-250: Execution with Unnecessary Privileges
- CWE-269: Improper Privilege Management
CAPEC
References (17)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html | 2019-10-03 | |
| https://access.redhat.com/errata/RHSA-2019:2029 | 2019-10-03 | |
| https://access.redhat.com/errata/RHSA-2019:2043 | 2019-10-03 | |
| https://access.redhat.com/errata/RHSA-2020:0036 | 2019-10-03 | |
| https://access.redhat.com/errata/RHSA-2020:0103 | 2019-10-03 | |
| https://access.redhat.com/errata/RHSA-2020:0179 | 2019-10-03 | |
| https://usn.ubuntu.com/3777-1 | 2019-10-03 | |
| https://usn.ubuntu.com/3777-2 | 2019-10-03 | |
| https://access.redhat.com/security/cve/CVE-2018-10853 | 2020-01-21 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1589890 | 2020-01-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 4.18 Search vendor "Linux" for product "Linux Kernel" and version " < 4.18" | - |
Affected
| ||||||