Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-12904 — Improper Access Control in Kernel

CWE-284 — Improper Access Control14 documents8 sources

Severity

4.9MEDIUMNVD

OSV5.5

EPSS

0.2%

top 60.02%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Linux Kernel Debian Linux Canonical Ubuntu Linux

Timeline

PublishedJun 27

Latest updateMay 13

Description

In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 1.4 | Impact: 3.4

Affected Packages4 packages

▶NVDlinux/linux_kernel< 4.17.2

▶Debianlinux/linux_kernel< 4.16.16-1+3

▶Ubuntulinux/linux_kernel< 4.15.0-33.36

▶debiandebian/linux< linux 4.16.16-1 (bookworm)

Also affects: Ubuntu Linux 16.04, 18.04

Patches

Patch: git.kernel.org ↗Patch: github.com ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-vx6h-cqmq-qj84: In arch/x86/kvm/vmx↗2022-05-13

▶

OSV

linux-azure, linux-oem, linux-gcp vulnerabilities↗2018-08-28

▶

OSV

linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities↗2018-08-24

▶

OSV

linux-hwe vulnerabilities↗2018-08-24

▶

OSV

CVE-2018-12904: In arch/x86/kvm/vmx↗2018-06-27

▶

💥Exploits & PoCs

Exploit-DB

KVM (Nested Virtualization) - L1 Guest Privilege Escalation↗2018-06-25

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Azure, GCP, OEM) vulnerabilities↗2018-08-28

▶

Ubuntu

Linux kernel vulnerabilities↗2018-08-24

▶

Ubuntu

Linux kernel (HWE) vulnerabilities↗2018-08-24

▶

Red Hat

kernel: kvm: nVMX: missing privilege check allows privilege escalation in nested virtualization↗2018-06-12

▶

Debian

CVE-2018-12904: linux - In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualizat...↗2018

▶

💬Community

Bugzilla

CVE-2018-12904 kernel: kvm: nVMX: missing privilege check allows privilege escalation in nested virtualization↗2018-06-26

▶

Bugzilla

CVE-2018-12904 kernel: kvm: Missing privilege check allows privilege escalation in nested virtualization scenario [fedora-all]↗2018-06-26

▶