CVE-2018-12904

MEDIUM

Linux Kernel < 4.17.2 - Denial of Service via Nested Virtualization VMEXIT

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-12904. PoCs published by Google Security Research.

AI-analyzed exploit summary: This exploit leverages a flaw in KVM on Intel systems where KVM does not properly verify that VMX instructions issued from an L1 VM are executed in ring 0, allowing user-space programs in L1 to trigger VM exits and potentially escalate privileges. The PoC demonstrates this by executing a VMX instruction from user space, causing a kernel crash.

Description

In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · text · dos · linux
https://www.exploit-db.com/exploits/44944

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: KVM (Kernel-based Virtual Machine) on Intel systems running Linux kernel 4.15.0-22-generic
No auth needed
Prerequisites: L1 VM with a running L2 guest · CR4.VMXE enabled in the L1 guest
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3752-2/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3752-3/
Release Notes, Vendor Advisory x_refsource_misc
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.2
Exploit, Third Party Advisory x_refsource_misc
https://bugs.chromium.org/p/project-zero/issues/detail?id=1589
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3752-1/
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44944/

Scores

CVSS v3 4.9
EPSS 0.0118
EPSS Percentile 63.7%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

Status published
Products (3)
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
linux/linux_kernel < 4.17.2
Published Jun 27, 2018
Tracked Since Feb 18, 2026