CVE-2018-16882

Description

A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), if an error occurs while processing the posted interrupt address, the function unmaps the pi_desc_page without resetting the pi_desc descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel, resulting in DoS, or potentially gain privileged access to a system. Kernel versions before 4.14.91 and before 4.19.13 are vulnerable.

Risk Information

Base Score: 8.8 MODERATE
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.101

Associated Vulnerability

Vulnerability | OS Platform
Linux hardware enablement (HWE) kernel (USN-3872-1) linux-image-4.18.0-14-generic_4.18.0-14.15~18.04.1_i386.deb | Linux
Linux hardware enablement (HWE) kernel (USN-3872-1) linux-image-4.18.0-14-generic_4.18.0-14.15~18.04.1_amd64.deb | Linux
Linux hardware enablement (HWE) kernel (USN-3872-1) linux-image-4.18.0-14-lowlatency_4.18.0-14.15~18.04.1_i386.deb | Linux
Linux hardware enablement (HWE) kernel (USN-3872-1) linux-image-4.18.0-14-lowlatency_4.18.0-14.15~18.04.1_amd64.deb | Linux
Linux kernel (USN-3878-1) linux-image-gcp_4.18.0.1006.6_amd64.deb | Linux
Linux kernel (USN-3878-1) linux-image-gke_4.18.0.1006.6_amd64.deb | Linux
Linux kernel (USN-3878-1) linux-image-kvm_4.18.0.1007.7_amd64.deb | Linux
Linux kernel (USN-3878-1) linux-image-4.18.0-1006-gcp_4.18.0-1006.7_amd64.deb | Linux
Linux kernel (USN-3878-1) linux-image-4.18.0-1007-kvm_4.18.0-1007.7_amd64.deb | Linux
Linux kernel (USN-3878-1) linux-image-4.18.0-1008-aws_4.18.0-1008.10_amd64.deb | Linux
Linux kernel (USN-3878-1) linux-image-4.18.0-14-generic_4.18.0-14.15_i386.deb | Linux
Linux kernel (USN-3878-1) linux-image-4.18.0-14-generic_4.18.0-14.15_amd64.deb | Linux
Linux kernel (USN-3878-1) linux-image-4.18.0-14-lowlatency_4.18.0-14.15_i386.deb | Linux
Linux kernel (USN-3878-1) linux-image-4.18.0-14-lowlatency_4.18.0-14.15_amd64.deb | Linux
Linux kernel for Microsoft Azure Cloud systems (USN-3878-2) linux-image-4.18.0-1008-azure_4.18.0-1008.8_amd64.deb | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234