CVE-2018-18021

arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control (with full register control). An attacker can also cause a denial of service (hypervisor panic) via an illegal exception return. This occurs because of insufficient restrictions on userspace access to the core register file, and because PSTATE.M validation does not prevent unintended execution modes.

From the Ubuntu Security Team

It was discovered that the KVM implementation in the Linux kernel on ARM 64bit processors did not properly handle some ioctls. An attacker with the privilege to create KVM-based virtual machines could use this to cause a denial of service (host system crash) or execute arbitrary code in the host.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
linux	18.10 cosmic	Not affected
	18.04 LTS bionic	Fixed 4.15.0-47.50
	16.04 LTS xenial	Fixed 4.4.0-139.165
	14.04 LTS trusty	Ignored
linux-aws	18.10 cosmic	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not affected
linux-aws-hwe	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Fixed 4.15.0-1035.37~16.04.1
	14.04 LTS trusty	Not in release
linux-azure	18.10 cosmic	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not affected
linux-azure-edge	18.10 cosmic	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release
linux-euclid	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Ignored
	14.04 LTS trusty	Not in release
linux-flo	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Ignored
	14.04 LTS trusty	Not in release
linux-gcp	18.10 cosmic	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release
linux-gcp-edge	18.10 cosmic	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-gke	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Ignored
	14.04 LTS trusty	Not in release
linux-goldfish	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Ignored
	14.04 LTS trusty	Not in release
linux-grouper	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-hwe	18.10 cosmic	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Fixed 4.15.0-47.50~16.04.1
	14.04 LTS trusty	Not in release
linux-hwe-edge	18.10 cosmic	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Fixed 4.15.0-47.50~16.04.1
	14.04 LTS trusty	Not in release
linux-kvm	18.10 cosmic	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release
linux-lts-trusty	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-lts-utopic	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-lts-vivid	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-lts-wily	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-lts-xenial	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Fixed 4.4.0-139.165~14.04.1
linux-maguro	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-mako	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Ignored
	14.04 LTS trusty	Not in release
linux-manta	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-oem	18.10 cosmic	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Ignored
	14.04 LTS trusty	Not in release
linux-oracle	18.10 cosmic	Not affected
	18.04 LTS bionic	Fixed 4.15.0-1010.12
	16.04 LTS xenial	Fixed 4.15.0-1010.12~16.04.1
	14.04 LTS trusty	Not in release
linux-raspi2	18.10 cosmic	Not affected
	18.04 LTS bionic	Fixed 4.15.0-1033.35
	16.04 LTS xenial	Fixed 4.4.0-1100.108
	14.04 LTS trusty	Not in release
linux-snapdragon	18.10 cosmic	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Fixed 4.4.0-1104.109
	14.04 LTS trusty	Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
linux	Introduced by 0d854a6, fixed by 2a3f934 Introduced by 2f4a07c, fixed by d26c25a

Severity score breakdown

Parameter	Value
Base score	7.1 · High
Attack vector	Local
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	High
Availability impact	High
Vector	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

References

Related Ubuntu Security Notices (USN)

USN-3821-1
Linux kernel vulnerabilities
14 November 2018

USN-3931-1
Linux kernel vulnerabilities
2 April 2019

USN-3931-2
Linux kernel (HWE) vulnerabilities
2 April 2019

USN-3821-2
Linux kernel (Xenial HWE) vulnerabilities
14 November 2018