CVE-2018-10853
CVE-2018-10853
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
11 Sep 2018Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest.
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Linux · kernelWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.htmlhttps://access.redhat.com/errata/RHSA-2019:2029https://access.redhat.com/errata/RHSA-2019:2043https://access.redhat.com/errata/RHSA-2020:0036https://access.redhat.com/errata/RHSA-2020:0103https://access.redhat.com/errata/RHSA-2020:0179https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10853https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=129a72a0d3c8e139a04512325384fe5ac119e74https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c9fa24ca7c9c47605672916491f79e8ccacb9e6https://lists.debian.org/debian-lts-announce/2018/07/msg00015.htmlhttps://lists.debian.org/debian-lts-announce/2018/07/msg00016.htmlhttps://lists.debian.org/debian-lts-announce/2018/07/msg00020.html