CVE-2018-10901 — Improper Initialization in Kernel

CWE-665 — Improper Initialization7 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 63.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

5

Linux Kernel Redhat Enterprise Linux Desktop Redhat Enterprise Linux Server +2 more

Timeline

PublishedJul 26

Latest updateMay 13

Description

A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDlinux/linux_kernel< 2.6.36

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_desktop6.0

▶NVDredhat/enterprise_linux_workstation6.0

Also affects: Enterprise Linux 6.4, 6.5, 6.6

Patches

Patch: bugzilla.redhat.com ↗Patch: git.kernel.org ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

3

GHSA

GHSA-8j5h-gvcc-pfhw: A flaw was found in Linux kernel's KVM virtualization subsystem↗2022-05-13

▶

OSV

CVE-2018-10901: A flaw was found in Linux kernel's KVM virtualization subsystem↗2018-07-26

▶

CVEList

CVE-2018-10901: A flaw was found in Linux kernel's KVM virtualization subsystem↗2018-07-26

▶

📋Vendor Advisories

2

Debian

CVE-2018-10901: linux - A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code do...↗2018

▶

Red Hat

kernel: kvm: vmx: host GDT limit corruption↗2010-08-02

▶

💬Community

1

Bugzilla

CVE-2018-10901 kernel: kvm: vmx: host GDT limit corruption↗2018-07-17

▶

CVE-2018-10901 — Improper Initialization in Kernel | cvebase