CVE-2018-12633

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.17.2

Description An issue in the Linux kernel allows a malicious user thread to tamper with critical variables due to a race condition, leading to severe kernel errors such as buffer over-accesses. This can cause a local denial of service and information leakage. The issue is related to the vbg misc device ioctl() function in drivers/virt/vboxguest/vboxguest linux.c, which reads user data twice with copy from user, allowing the header part of the user data to be double-fetched.

Recommendations For Linux kernel versions prior to 4.17.2, update to version 4.17.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the vbg misc device ioctl() function to minimize the risk of exploitation.