CVE-2018-18021 — Improper Input Validation in Kernel

CWE-20 — Improper Input Validation16 documents7 sources

Severity

7.1HIGHNVD

OSV7.8OSV5.5

EPSS

0.1%

top 74.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Canonical Ubuntu Linux +1 more

Timeline

PublishedOct 7

Latest updateMay 14

Description

arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control (with full register control). An attacker can also cause a denial of service (hypervisor panic) via an illegal exception return. This occurs because of insufficient restrictions on userspace access to the core register file, and because PSTAT…

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages4 packages

▶NVDlinux/linux_kernel< 4.18.12

▶Debianlinux/linux_kernel< 4.18.10-2+3

▶Ubuntulinux/linux_kernel< 4.4.0-139.165+1

▶debiandebian/linux< linux 4.18.10-2 (bookworm)

Also affects: Debian Linux 9.0, Ubuntu Linux 14.04, 16.04

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: cdn.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-6vp5-5gv4-mcqp: arch/arm64/kvm/guest↗2022-05-14

▶

OSV

linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle, linux-raspi2 vulnerabilities↗2019-04-02

▶

OSV

linux-hwe, linux-aws-hwe, linux-azure, linux-gcp, linux-oracle vulnerabilities↗2019-04-02

▶

OSV

linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities↗2018-11-14

▶

OSV

linux-lts-xenial, linux-aws vulnerabilities↗2018-11-14

▶

📋Vendor Advisories

Ubuntu

Linux kernel (HWE) vulnerabilities↗2019-04-02

▶

Ubuntu

Linux kernel vulnerabilities↗2019-04-02

▶

Ubuntu

Linux kernel vulnerabilities↗2018-11-14

▶

Ubuntu

Linux kernel (Xenial HWE) vulnerabilities↗2018-11-14

▶

Red Hat

kernel: Privilege escalation on arm64 via KVM hypervisor↗2018-10-03

▶

💬Community

Bugzilla

CVE-2018-18021 kernel: Privilege escalation on arm64 via KVM hypervisor↗2018-10-03

▶

Bugzilla

CVE-2018-18021 kernel: Privilege escalation on arm64 via KVM hypervisor [fedora-all]↗2018-10-03

▶

Bugzilla

CVE-2017-18021 qtpass: predictable random password generation↗2018-01-11

▶