Description
In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Google Security Research · text · dos · linux
https://www.exploit-db.com/exploits/44944
References (8)
Core References
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3752-2/
Patch, Third Party Advisory x_refsource_misc
https://github.com/torvalds/linux/commit/727ba748e110b4de50d142edca9d6a9b7e6111d8
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3752-3/
Release Notes, Vendor Advisory x_refsource_misc
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.2
Exploit, Third Party Advisory x_refsource_misc
https://bugs.chromium.org/p/project-zero/issues/detail?id=1589
Patch, Vendor Advisory x_refsource_misc
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=727ba748e110b4de50d142edca9d6a9b7e6111d8
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3752-1/
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/44944/
Scores
CVSS v3
4.9
EPSS
0.0018
EPSS Percentile
39.6%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
Status
published
Products (3)
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
18.04
linux/linux_kernel
< 4.17.2
Published
Jun 27, 2018
Tracked Since
Feb 18, 2026