Executive Summary

Informations
NameCVE-2018-16882First vendor Publication2019-01-03
VendorCveLast vendor Modification2019-04-23

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score7.2Attack RangeLocal
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score3.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system. Kernel versions before 4.14.91 and before 4.19.13 are vulnerable.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16882

CWE : Common Weakness Enumeration

%idName
100 %CWE-416Use After Free

CPE : Common Platform Enumeration

TypeDescriptionCount
Os4
Os2713

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/106254
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16882
https://lwn.net/Articles/775720/
https://lwn.net/Articles/775721/
https://support.f5.com/csp/article/K80557033
MISC https://marc.info/?l=kvm&m=154514994222809&w=2
UBUNTU https://usn.ubuntu.com/3871-1/
https://usn.ubuntu.com/3871-3/
https://usn.ubuntu.com/3871-4/
https://usn.ubuntu.com/3871-5/
https://usn.ubuntu.com/3872-1/
https://usn.ubuntu.com/3878-1/
https://usn.ubuntu.com/3878-2/

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
DateInformations
2019-04-23 21:19:15
  • Multiple Updates
2019-04-23 17:19:01
  • Multiple Updates
2019-04-22 21:19:16
  • Multiple Updates
2019-03-05 21:19:19
  • Multiple Updates
2019-02-05 17:19:26
  • Multiple Updates
2019-01-30 21:18:43
  • Multiple Updates
2019-01-30 00:18:41
  • Multiple Updates
2019-01-04 17:19:57
  • Multiple Updates
2019-01-03 21:18:54
  • First insertion