Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-10901

Опубликовано: 26 июл. 2018
Источник: nvd
CVSS3: 7.8
CVSS3: 7.8
CVSS2: 7.2
EPSS Низкий

Описание

A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия до 2.6.36 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 27%
0.0009
Низкий

7.8 High

CVSS3

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-665
NVD-CWE-noinfo

Связанные уязвимости

ubuntu логотип

CVE-2018-10901

CVSS3: 7.8
ubuntu
почти 7 лет назад

A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges.

redhat логотип

CVE-2018-10901

CVSS3: 7.8
redhat
почти 15 лет назад

A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges.

debian логотип

CVE-2018-10901

CVSS3: 7.8
debian
почти 7 лет назад

A flaw was found in Linux kernel's KVM virtualization subsystem. The V ...

github логотип

GHSA-8j5h-gvcc-pfhw

CVSS3: 7.8
github
около 3 лет назад

A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges.

fstec логотип

BDU:2019-00183

CVSS3: 7.8
fstec
почти 7 лет назад

Уязвимость подсистемы виртуализации Kernel-based Virtual Machine ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 27%
0.0009
Низкий

7.8 High

CVSS3

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-665
NVD-CWE-noinfo