CVE-2018-18021

NameCVE-2018-18021
Descriptionarch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control (with full register control). An attacker can also cause a denial of service (hypervisor panic) via an illegal exception return. This occurs because of insufficient restrictions on userspace access to the core register file, and because PSTATE.M validation does not prevent unintended execution modes.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1715-1, DSA-4313-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)jessie, jessie (lts)3.16.84-1vulnerable
stretch (security)4.9.320-2fixed
stretch (lts), stretch4.9.320-3fixed
buster (security), buster, buster (lts)4.19.316-1fixed
bullseye5.10.223-1fixed
bullseye (security)5.10.226-1fixed
bookworm6.1.115-1fixed
bookworm (security)6.1.119-1fixed
trixie6.12.5-1fixed
sid6.12.6-1fixed
linux-4.9 (PTS)jessie, jessie (lts)4.9.303-1~deb8u3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcestretch4.9.110-3+deb9u6DSA-4313-1
linuxsource(unstable)4.18.10-2
linux-4.9sourcejessie4.9.144-3.1~deb8u1DLA-1715-1

Notes

[jessie] - linux <ignored> (arm64 not supported in jessie LTS)
https://git.kernel.org/linus/d26c25a9d19b5976b319af528886f89cf455692d
https://git.kernel.org/linus/2a3f93459d689d990b3ecfbe782fec89b97d3279

Search for package or bug name: Reporting problems