Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control (with full register control). An attacker can also cause a denial of service (hypervisor panic) via an illegal exception return. This occurs because of insufficient restrictions on userspace access to the core register file, and because PSTATE.M validation does not prevent unintended execution modes.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Linux kernel KVM 安全漏洞
Vulnerability Description
Linux kernel是美国Linux基金会发布的操作系统Linux所使用的内核。KVM是其中的一个基于内核的虚拟机。 基于arm64平台的Linux kernel 4.18.12之前版本中的KVM的t.c文件存在安全漏洞,该漏洞源于程序没有充分的执行访问限制并且PSTATE.M检测机制没有阻止非预期的执行状态。攻击者可利用该漏洞重定向虚拟机监视器的控制流或造成拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A