CVE-2018-18021

NameCVE-2018-18021
Descriptionarch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control (with full register control). An attacker can also cause a denial of service (hypervisor panic) via an illegal exception return. This occurs because of insufficient restrictions on userspace access to the core register file, and because PSTATE.M validation does not prevent unintended execution modes.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-4313-1
NVD severitylow (attack range: local)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)jessie3.16.56-1+deb8u1vulnerable
jessie (security)3.16.59-1vulnerable
stretch4.9.130-2fixed
stretch (security)4.9.110-3+deb9u6fixed
buster, sid4.18.20-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsource(unstable)4.18.10-2low
linuxsourcestretch4.9.110-3+deb9u6lowDSA-4313-1

Notes

[jessie] - linux <ignored> (arm64 not supported in jessie LTS)
https://git.kernel.org/linus/d26c25a9d19b5976b319af528886f89cf455692d
https://git.kernel.org/linus/2a3f93459d689d990b3ecfbe782fec89b97d3279

Search for package or bug name: Reporting problems