4.9

CVE-2018-12904

Exploit
In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 4.17.2
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.18% 0.637
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.9 1.4 3.4
CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
nvd@nist.gov 4.4 3.4 6.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://usn.ubuntu.com/3752-1/
Third Party Advisory
https://usn.ubuntu.com/3752-2/
Third Party Advisory
https://usn.ubuntu.com/3752-3/
Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=727ba748e110b4de50d142edca9d6a9b7e6111d8
Patch
Vendor Advisory
https://bugs.chromium.org/p/project-zero/issues/detail?id=1589
Third Party Advisory
Exploit
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.2
Vendor Advisory
Release Notes
https://github.com/torvalds/linux/commit/727ba748e110b4de50d142edca9d6a9b7e6111d8
Patch
Third Party Advisory
https://www.exploit-db.com/exploits/44944/
Third Party Advisory
Exploit
VDB Entry