CVE-2018-10853

Summary

A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest.

Affected Software

VendorProductVersion RangeStatus
Linuxkernel4.18affected

Weaknesses

  • CWE-250: CWE-250

ADP Enrichment

CVE Program Container

Additional References

References