CVE-2018-12207

CWE-20 — Improper Input Validation CWE-226 CWE-80520 documents12 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 50.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Access Policy Manager F5 Big-ip Advanced Firewall Manager F5 Big-ip Analytics +25 more

Timeline

PublishedNov 14

Latest updateMay 24

Description

Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages24 packages

▶NVDf5/big-ip_domain_name_system11.5.2 — 11.6.5+4

▶CVEListV5microsoft/windows_10_version_1903_for_32-bit_systemsunspecified

▶CVEListV5microsoft/windows_10_version_1903_for_x64-based_systemsunspecified

▶CVEListV5microsoft/windows_10_version_1903_for_arm64-based_systemsunspecified

▶NVDf5/big-ip_access_policy_manager11.5.2 — 11.6.5+4

Also affects: Debian Linux 9.0, Fedora 30, 31, Ubuntu Linux 14.04, Enterprise Linux 7.6, 7.7, 8.1, Openshift Container Platform 4.1, 4.2

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-mgp4-7j8w-x48q: Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to p↗2022-05-24

▶

OSV

CVE-2018-12207: Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to p↗2019-11-14

▶

CVEList

CVE-2018-12207: Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to p↗2019-11-14

▶

📋Vendor Advisories

Oracle

Oracle Oracle Systems Risk Matrix: Kernel — CVE-2018-12207↗2020-07-15

▶

Ubuntu

Linux kernel vulnerabilities↗2019-11-13

▶

Ubuntu

Linux kernel vulnerabilities↗2019-11-13

▶

Ubuntu

Linux kernel vulnerabilities↗2019-11-13

▶

Ubuntu

Linux kernel vulnerabilities↗2019-11-13

▶

💬Community

Bugzilla

CVE-2019-19339 kpatch: hw: incomplete fix for CVE-2018-12207↗2019-12-11

▶

Bugzilla

CVE-2018-12207 kernel: hw: Machine Check Error on Page Size Change (IPU) [fedora-all]↗2019-11-12

▶

Bugzilla

CVE-2018-12207 hw: Machine Check Error on Page Size Change (IFU)↗2018-11-06

▶

External resources

NVD MITRE

Affected products28

Canonical Ubuntu Linuxv14.04

Debian Debian Linuxv9.0

F5 Big-ip Access Policy Manager≥ 11.5.2, ≤ 11.6.5≥ 12.1.0, ≤ 12.1.5≥ 13.1.0, ≤ 13.1.3+2 more

F5 Big-ip Advanced Firewall Manager≥ 11.5.2, ≤ 11.6.5≥ 12.1.0, ≤ 12.1.5≥ 13.1.0, ≤ 13.1.3+2 more

F5 Big-ip Analytics≥ 11.5.2, ≤ 11.6.5≥ 12.1.0, ≤ 12.1.5≥ 13.1.0, ≤ 13.1.3+2 more

F5 Big-ip Application Acceleration Manager≥ 11.5.2, ≤ 11.6.5≥ 12.1.0, ≤ 12.1.5≥ 13.1.0, ≤ 13.1.3+2 more

F5 Big-ip Application Security Manager≥ 11.5.2, ≤ 11.6.5≥ 12.1.0, ≤ 12.1.5≥ 13.1.0, ≤ 13.1.3+2 more

F5 Big-ip Domain Name System≥ 11.5.2, ≤ 11.6.5≥ 12.1.0, ≤ 12.1.5≥ 13.1.0, ≤ 13.1.3+2 more

F5 Big-ip Fraud Protection Service≥ 11.5.2, ≤ 11.6.5≥ 12.1.0, ≤ 12.1.5≥ 13.1.0, ≤ 13.1.3+2 more

F5 Big-ip Global Traffic Manager≥ 11.5.2, ≤ 11.6.5≥ 12.1.0, ≤ 12.1.5≥ 13.1.0, ≤ 13.1.3+2 more

Disclosure

PublishedNov 14, 2019

Latest updateMay 24, 2022