Privilege Escalation Vulnerability in Linux Kernel's KVM Virtualization Subsystem

Privilege Escalation Vulnerability in Linux Kernel's KVM Virtualization Subsystem

CVE-2018-10901 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.