CVE-2018-18021
Publication date 7 October 2018
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control (with full register control). An attacker can also cause a denial of service (hypervisor panic) via an illegal exception return. This occurs because of insufficient restrictions on userspace access to the core register file, and because PSTATE.M validation does not prevent unintended execution modes.
From the Ubuntu Security Team
It was discovered that the KVM implementation in the Linux kernel on ARM 64bit processors did not properly handle some ioctls. An attacker with the privilege to create KVM-based virtual machines could use this to cause a denial of service (host system crash) or execute arbitrary code in the host.
Status
Package | Ubuntu Release | Status |
---|---|---|
linux | ||
18.04 LTS bionic |
Fixed 4.15.0-47.50
|
|
16.04 LTS xenial |
Fixed 4.4.0-139.165
|
|
14.04 LTS trusty | Ignored | |
linux-aws | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty |
Not affected
|
|
linux-aws-hwe | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial |
Fixed 4.15.0-1035.37~16.04.1
|
|
14.04 LTS trusty | Not in release | |
linux-azure | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty |
Not affected
|
|
linux-azure-edge | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-euclid | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-flo | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-gcp | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-gcp-edge | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gke | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-goldfish | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-grouper | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-hwe | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Fixed 4.15.0-47.50~16.04.1
|
|
14.04 LTS trusty | Not in release | |
linux-hwe-edge | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Fixed 4.15.0-47.50~16.04.1
|
|
14.04 LTS trusty | Not in release | |
linux-kvm | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-lts-trusty | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-utopic | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-vivid | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-wily | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-xenial | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty |
Fixed 4.4.0-139.165~14.04.1
|
|
linux-maguro | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-mako | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-manta | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-oem | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-oracle | ||
18.04 LTS bionic |
Fixed 4.15.0-1010.12
|
|
16.04 LTS xenial |
Fixed 4.15.0-1010.12~16.04.1
|
|
14.04 LTS trusty | Not in release | |
linux-raspi2 | ||
18.04 LTS bionic |
Fixed 4.15.0-1033.35
|
|
16.04 LTS xenial |
Fixed 4.4.0-1100.108
|
|
14.04 LTS trusty | Not in release | |
linux-snapdragon | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Fixed 4.4.0-1104.109
|
|
14.04 LTS trusty | Not in release |
Patch details
Package | Patch details |
---|---|
linux |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.1 · High |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-3821-1
- Linux kernel vulnerabilities
- 14 November 2018
- USN-3931-1
- Linux kernel vulnerabilities
- 2 April 2019
- USN-3931-2
- Linux kernel (HWE) vulnerabilities
- 2 April 2019
- USN-3821-2
- Linux kernel (Xenial HWE) vulnerabilities
- 14 November 2018
Other references
- https://git.kernel.org/linus/d26c25a9d19b5976b319af528886f89cf455692d
- https://git.kernel.org/linus/2a3f93459d689d990b3ecfbe782fec89b97d3279
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2a3f93459d689d990b3ecfbe782fec89b97d3279
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d26c25a9d19b5976b319af528886f89cf455692d
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.12
- https://github.com/torvalds/linux/commit/2a3f93459d689d990b3ecfbe782fec89b97d3279
- https://github.com/torvalds/linux/commit/d26c25a9d19b5976b319af528886f89cf455692d
- https://www.openwall.com/lists/oss-security/2018/10/02/2
- https://www.cve.org/CVERecord?id=CVE-2018-18021