CVE-2018-18021

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.18.12 on the arm64 platform

Description The issue is related to the KVM subsystem in the Linux kernel, specifically in the arch/arm64/kvm/guest.c file. It is caused by insufficient restrictions on userspace access to the core register file and inadequate PSTATE.M validation, which can lead to unintended execution modes. An attacker who can create virtual machines can exploit this to arbitrarily redirect the hypervisor flow of control with full register control or cause a denial of service via an illegal exception return, potentially leading to a hypervisor panic.

Recommendations For Linux kernel versions prior to 4.18.12 on the arm64 platform, update to version 4.18.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the KVM subsystem to minimize the risk of exploitation.