QwikSec

Security Database

CVE

CWE

Training

CVE-2018-16882

Published: Jan 3, 2019

Modified: Aug 5, 2024

PUBLISHED

CVSS v3.0

6.1

MEDIUM

Description

A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system. Kernel versions before 4.14.91 and before 4.19.13 are vulnerable.

Vendor	Product	Versions
The Linux Foundation	kernel:	affected `before 4.14.91` affected `before 4.19.13`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

High

References

https://marc.info/?l=kvm&m=154514994222809&w=2

x_refsource_MISC

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vdb-entry

x_refsource_BID

https://lwn.net/Articles/775720/

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

https://lwn.net/Articles/775721/

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16882

x_refsource_CONFIRM

https://support.f5.com/csp/article/K80557033

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.