CVE-2018-18021 — HIGH (7.1)

Q: How severe is CVE-2018-18021?

CVE-2018-18021 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-18021?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, Canonical Ubuntu Linux.

Vulnerability Description

arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control (with full register control). An attacker can also cause a denial of service (hypervisor panic) via an illegal exception return. This occurs because of insufficient restrictions on userspace access to the core register file, and because PSTATE.M validation does not prevent unintended execution modes.

CVSS Score

7.1

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 4.18.12
Debian	Debian Linux	9.0
Canonical	Ubuntu Linux	14.04

Related Weaknesses (CWE)

CWE-20

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2a3f93Patch
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d26c25Patch
http://www.securityfocus.com/bid/105550Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2018:3656Third Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.12Patch
https://github.com/torvalds/linux/commit/2a3f93459d689d990b3ecfbe782fec89b97d327Patch
https://github.com/torvalds/linux/commit/d26c25a9d19b5976b319af528886f89cf455692Patch
https://usn.ubuntu.com/3821-1/Third Party Advisory
https://usn.ubuntu.com/3821-2/Third Party Advisory
https://usn.ubuntu.com/3931-1/
https://usn.ubuntu.com/3931-2/
https://www.debian.org/security/2018/dsa-4313Third Party Advisory
https://www.openwall.com/lists/oss-security/2018/10/02/2Mailing ListPatchThird Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2a3f93Patch
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d26c25Patch

FAQ

What is CVE-2018-18021?

CVE-2018-18021 is a vulnerability with a CVSS score of 7.1 (HIGH). arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who can create virtual machines. An attacke...

How severe is CVE-2018-18021?

CVE-2018-18021 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-18021?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, Canonical Ubuntu Linux.