CVE-2018-10901

CVSS v3.1 7.8 (High)

CVSS v2.0 7.2 (High)

EPSS 0.06 % (28^th)

Affected Products 5

Advisories 4

A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges.

Weaknesses

CWE-665: Improper Initialization
CWE-NVD-noinfo

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2018-07-26 17:29:00
(6 years ago)
Updated Date: 2023-02-24 18:43:28
(19 months ago)

Affected Products

Linux

Linux Kernel

Redhat

Configuration #1

		CPE23	From	Up To
	Linux Kernel prior 2.6.36 version	cpe:2.3:o:linux:linux_kernel		< 2.6.36

Configuration #2

		CPE23	From	Up To
	Redhat Enterprise Linux Desktop 6.0	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
	Redhat Enterprise Linux Server 6.0	cpe:2.3:o:redhat:enterprise_linux_server:6.0
	Redhat Enterprise Linux Server Aus 6.4	cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4
	Redhat Enterprise Linux Server Aus 6.5	cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5
	Redhat Enterprise Linux Server Aus 6.6	cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6
	Redhat Enterprise Linux Workstation 6.0	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0