APPLIED: [A/B/C] CVE-2018-12904 - Possible priv escalation and DoS in nested KVM
Khaled Elmously
khalid.elmously at canonical.com
Wed Jul 25 05:22:27 UTC 2018
Applied to A and B
On 2018-06-28 23:31:50 , Tyler Hicks wrote:
> Description:
> In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested
> virtualization is used, local attackers could cause L1 KVM guests to
> VMEXIT, potentially allowing privilege escalations and denial of service
> attacks due to lack of checking of CPL.
> Notes:
> tyhicks> Ubuntu kernels do not enable nested KVM virtualization by default and
> are unaffected by this flaw in the default configuration. To ensure that
> nested virtualization is not enabled, verify that the
> /sys/module/kvm_intel/parameters/nested file contains "N".
> Bugs:
> https://bugs.chromium.org/p/project-zero/issues/detail?id=1589
> Priority: low
> Discovered-by: Felix Wilhelm
>
> Tyler
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list