CVE-2018-10901
kernel: kvm: vmx: host GDT limit corruption
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges.
Se encontró un fallo en el subsistema de virtualización KVM del kernel de Linux. El código VMX no restaura el límite GDT.LIMIT al valor del host anterior, sino que lo fija en 64 KB. Con un límite de GDT corrupto, el código de espacio de usuario de un host tiene la capacidad de colocar entradas maliciosas en el GDT, especialmente en las variables por CPU. Un atacante puede usar esto para aumentar sus privilegios.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-05-09 CVE Reserved
- 2018-07-26 CVE Published
- 2023-07-20 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-665: Improper Initialization
CAPEC
References (13)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/104905 | Third Party Advisory | |
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 | Third Party Advisory | |
https://www.oracle.com/security-alerts/cpujul2020.html | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2018:2390 | 2023-02-24 | |
https://access.redhat.com/errata/RHSA-2018:2391 | 2023-02-24 | |
https://access.redhat.com/errata/RHSA-2018:2392 | 2023-02-24 | |
https://access.redhat.com/errata/RHSA-2018:2393 | 2023-02-24 | |
https://access.redhat.com/errata/RHSA-2018:2394 | 2023-02-24 | |
https://access.redhat.com/security/cve/CVE-2018-10901 | 2018-08-14 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1601849 | 2018-08-14 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 2.6.36 Search vendor "Linux" for product "Linux Kernel" and version " < 2.6.36" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 6.4 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "6.4" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 6.5 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "6.5" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 6.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "6.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0" | - |
Affected
|