Published: 11/09/2018 Updated: 03/10/2019

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 410

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

A flaw was found in the way Linux kernel KVM hypervisor prior to 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest.

Vulnerable Product	Search on Vulmon	Subscribe to Product
canonical ubuntu linux 18.04
canonical ubuntu linux 16.04
debian debian linux 8.0
linux linux kernel

Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 74 Advanced Update Support, Red Hat Enterprise Linux 74 Telco Extended Update Support, and Red Hat Enterprise Linux 74 Update Services ...

Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...

Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...

Synopsis Moderate: kernel security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for kernel is now available for Red Hat Enterprise Linux 75 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability ...

Synopsis Moderate: kernel security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for kernel is now available for Red Hat Enterprise Linux 76 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability ...

Several security issues were fixed in the Linux kernel ...

A flaw was found in the way Linux kernel KVM hypervisor emulated instructions such as sgdt/sidt/fxsave/fxrstor It did not check current privilege(CPL) level while emulating unprivileged instructions An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest ...

CWE-269 https://www.openwall.com/lists/oss-security/2018/09/02/1 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c9fa24ca7c9c47605672916491f79e8ccacb9e6 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=129a72a0d3c8e139a04512325384fe5ac119e74 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10853 https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html https://usn.ubuntu.com/3777-2/https://usn.ubuntu.com/3777-1/http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html https://access.redhat.com/errata/RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2020:0036 https://access.redhat.com/errata/RHSA-2020:0103 https://access.redhat.com/errata/RHSA-2020:0179 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2020:0103 https://usn.ubuntu.com/3777-2/

CVE-2018-10853

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect