PT-2018-10143 · Linux+5 · Linux Kernel Kvm Hypervisor+5

Andy Lutomirski

+1

·

Published

2018-06-19

·

Updated

2019-10-03

·

CVE-2018-10853

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel KVM hypervisor versions prior to 4.18
Description A flaw was found in the way Linux kernel KVM hypervisor emulated certain instructions. It did not check the current privilege level while emulating unprivileged instructions, which could allow an unprivileged guest user or process to potentially escalate privileges inside the guest.
Recommendations For versions prior to 4.18, update to version 4.18 or later to resolve the issue. As a temporary workaround, consider restricting access to unprivileged instructions until a patch is available.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-250CWE-269

Related Identifiers

ALT-PU-2018-1912
ALT-PU-2018-1916
ALT-PU-2018-1982
ALT-PU-2018-2192
ALT-PU-2018-2210
ALT-PU-2019-1433
CESA-2019_2029
CVE-2018-10853
DLA-1422-1
DLA-1422-2
DLA-1423-1
MGASA-2018-0296
MGASA-2018-0340
MGASA-2018-0341
OPENSUSE-SU-2018_2407-1
OPENSUSE-SU-2019_1407-1
RHSA-2019:2029
RHSA-2019:2043
RHSA-2019_2029
RHSA-2019_2043
RHSA-2020:0036
RHSA-2020:0103
RHSA-2020:0179
SUSE-SU-2018:2341-1
SUSE-SU-2018:2342-1
SUSE-SU-2018:2345-1
SUSE-SU-2018:2346-1
SUSE-SU-2018:2347-1
SUSE-SU-2018:2348-1
SUSE-SU-2018:2349-1
SUSE-SU-2018:2350-1
SUSE-SU-2018:2351-1
SUSE-SU-2018:2352-1
SUSE-SU-2018:2353-1
SUSE-SU-2018:2354-1
SUSE-SU-2018:2355-1
SUSE-SU-2018:2356-1
SUSE-SU-2018:2358-1
SUSE-SU-2018:2359-1
SUSE-SU-2018:2363-1
SUSE-SU-2018:2364-1
SUSE-SU-2018:2367-1
SUSE-SU-2018:2368-1
SUSE-SU-2018:2369-1
SUSE-SU-2018:2387-1
SUSE-SU-2018:2389-1
SUSE-SU-2018:2391-1
SUSE-SU-2018:2413-1
SUSE-SU-2018:2414-1
SUSE-SU-2018:2416-1
SUSE-SU-2018:2450-1
SUSE-SU-2018:2472-1
SUSE-SU-2018:2474-1
SUSE-SU-2018:2538-1
SUSE-SU-2018:2539-1
SUSE-SU-2018:2678-1
SUSE-SU-2018:2684-1
SUSE-SU-2018:2908-1
SUSE-SU-2018:2908-2
SUSE-SU-2018:2933-1
SUSE-SU-2018:2935-1
SUSE-SU-2018:3083-1
SUSE-SU-2018:3084-1
SUSE-SU-2018_2341-1
SUSE-SU-2018_2342-1
SUSE-SU-2018_2345-1
SUSE-SU-2018_2348-1
SUSE-SU-2018_2349-1
SUSE-SU-2018_2354-1
SUSE-SU-2018_2356-1
SUSE-SU-2018_2358-1
SUSE-SU-2018_2359-1
SUSE-SU-2018_2363-1
SUSE-SU-2018_2364-1
SUSE-SU-2018_2368-1
SUSE-SU-2018_2369-1
SUSE-SU-2018_2389-1
SUSE-SU-2018_2538-1
SUSE-SU-2018_2539-1
SUSE-SU-2018_2678-1
SUSE-SU-2018_2684-1
SUSE-SU-2018_2933-1
SUSE-SU-2018_2935-1
SUSE-SU-2019:1245-1
USN-3777-1
USN-3777-2

Affected Products

Alt Linux
Centos
Linux Kernel Kvm Hypervisor
Red Hat
Suse
Ubuntu