How severe is CVE-2018-1087?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2018-1087?

This is classified as CWE-250, which is a common weakness in software security.

CVE-2018-1087

HIGH Year: 2018

CVSS v3 Score

7.8

High

CVSS v2 Score

4.6

Medium

Weakness Type

CWE-250

View all →

Vulnerability Description

kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest.

CVE-2017-7518

HIGH

CVSS:7.8(High)

A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug excepti...

CWE-2502017

CVE-2018-10853

HIGH

CVSS:7.8(High)

A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged i...

CWE-2502018

CVE-2018-25078

HIGH

CVSS:7.8(High)

man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. (Also, the owner can st...

CWE-2502018

CVE-2019-16784

HIGH

CVSS:7.8(High)

In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in "onefile" mode is launched by a pr...

CWE-2502019

CVE-2020-10056

HIGH

CVSS:7.8(High)

A vulnerability has been identified in License Management Utility (LMU) (All versions < V2.4). The lmgrd service of the affected application is executed with local SYSTEM privileges on the server whil...

CWE-2502020

CVE-2020-14386

HIGH

CVSS:7.8(High)

A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confi...

CWE-2502020

CVE-2018-1087

Vulnerability Description

Related Vulnerabilities

CVE-2017-7518

CVE-2018-10853

CVE-2018-25078

CVE-2019-16784

CVE-2020-10056

CVE-2020-14386