CVE-2018-10853 — HIGH (7.0)

Q: How severe is CVE-2018-10853?

CVE-2018-10853 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-10853?

Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Debian Debian Linux, Linux Linux Kernel.

Vulnerability Description

A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest.

CVSS Score

7.0

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Canonical	Ubuntu Linux	16.04
Debian	Debian Linux	8.0
Linux	Linux Kernel	< 4.18

Related Weaknesses (CWE)

CWE-269 CWE-250

References

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html
https://access.redhat.com/errata/RHSA-2019:2029
https://access.redhat.com/errata/RHSA-2019:2043
https://access.redhat.com/errata/RHSA-2020:0036
https://access.redhat.com/errata/RHSA-2020:0103
https://access.redhat.com/errata/RHSA-2020:0179
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10853Issue TrackingPatchThird Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=12PatchVendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3cPatchVendor Advisory
https://lists.debian.org/debian-lts-announce/2018/07/msg00015.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2018/07/msg00016.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2018/07/msg00020.htmlMailing ListThird Party Advisory
https://usn.ubuntu.com/3777-1/Third Party Advisory
https://usn.ubuntu.com/3777-2/Third Party Advisory
https://www.openwall.com/lists/oss-security/2018/09/02/1Mailing ListPatchThird Party Advisory

FAQ

What is CVE-2018-10853?

CVE-2018-10853 is a vulnerability with a CVSS score of 7.0 (HIGH). A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged i...

How severe is CVE-2018-10853?

CVE-2018-10853 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-10853?

Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Debian Debian Linux, Linux Linux Kernel.