DEBIAN-CVE-2018-16882
- Source
- https://security-tracker.debian.org/tracker/CVE-2018-16882
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2018-16882.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2018-16882
- Upstream
- Published
- 2019-01-03T16:29:00Z
- Modified
- 2025-09-25T22:40:37Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nestedgetvmcs12pages(), in case of an error while processing posted interrupt address, it unmaps the 'pidescpage' without resetting 'pidesc' descriptor address, which is later used in pitestandclearon(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system. Kernel versions before 4.14.91 and before 4.19.13 are vulnerable.
- References
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source