CVE-2018-18021

HIGH

Linux Kernel < 4.18.12 - Improper Input Validation

Description

arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ONE_REG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control (with full register control). An attacker can also cause a denial of service (hypervisor panic) via an illegal exception return. This occurs because of insufficient restrictions on userspace access to the core register file, and because PSTATE.M validation does not prevent unintended execution modes.

References (13)

Core References
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3821-1/
Mailing List, Patch, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2018/10/02/2
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3656
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105550
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3821-2/
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2018/dsa-4313
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3931-1/
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3931-2/

Scores

CVSS v3 7.1
EPSS 0.0009
EPSS Percentile 24.9%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Details

CWE
CWE-20
Status published
Products (4)
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
debian/debian_linux 9.0
linux/linux_kernel < 4.18.12
Published Oct 07, 2018
Tracked Since Feb 18, 2026