CVE-2018-10901 is the identifier of a recently disclosed vulnerability in the Linux kernel. More specifically, the flaw resides in the KVM virtualization subsystem, a full virtualization solution for Linux on x86 hardware that provides virtualization extensions (Intel VT or AMD-V).
Using KVM, a user can run multiple virtual machines with unmodified Linux or Windows images. Each virtual machine has its own private virtualized hardware: a network card, disk, graphics adapter, and so on, as the Linux KVM project explains.
The availability impact of CVE-2018-10901 is rated high.
Technical Overview of CVE-2018-10901
The flaw was discovered by Vladis Dronov, who reported that “the VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host’s userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. This can lead to a privilege escalation”.
The researcher also noted that, among Red Hat products, only Red Hat Enterprise Linux 6 ships a kernel affected by the privilege escalation that CVE-2018-10901 makes possible. Other Red Hat products appear not to be affected by this particular flaw.
A fix for CVE-2018-10901 is already available in the upstream kernel Git repository; its commit message reads:
vmx does not restore GDT.LIMIT to the host value, instead it sets it to 64KB. This means host userspace can learn a few bits of host memory. Fix by reloading GDTR when we load other host state.
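A quick host-side check, added here as an illustration and not part of the original report or of the kernel fix: read GDTR from user space with the unprivileged SGDT instruction and compare the limit against what a 64-bit Linux kernel GDT needs. Everything beyond the page's own statements is an assumption made by this example: that the host is x86-64 Linux, that the kernel GDT has 16 eight-byte entries (so its limit should be 127), and that the 64KB value left behind by VMX shows up as 0xFFFF.

```c
/* Added example (not from the CVE report or the kernel patch): read the
 * host GDTR with SGDT and flag a limit larger than the kernel's own GDT.
 * Assumptions: x86-64 Linux host; a 16-entry kernel GDT (limit 127);
 * the "64KB" limit reported for CVE-2018-10901 appears as 0xFFFF.
 * Build: cc -O2 -o gdtcheck gdtcheck.c */
#include <stdint.h>
#include <stdio.h>

/* Memory image written by SGDT on x86-64: 16-bit limit, then 64-bit base. */
struct __attribute__((packed)) gdtr {
    uint16_t limit;
    uint64_t base;
};

#define EXPECTED_GDT_LIMIT  127     /* 16 entries * 8 bytes - 1 (assumed kernel build) */
#define CORRUPTED_GDT_LIMIT 0xFFFF  /* 64KB, the value VMX leaves behind per the report */

/* Number of descriptor slots the CPU will address for a given limit.
 * The limit is inclusive, so a limit of 127 covers 128 bytes = 16 slots. */
static unsigned gdt_slots_for_limit(uint16_t limit)
{
    return ((unsigned)limit + 1) / 8;
}

/* The CPU's limit check when a selector is loaded or probed: all eight
 * descriptor bytes index*8 .. index*8+7 must lie at or below the limit.
 * With a 64KB limit, indices past the real table pass this check and the
 * descriptor bytes come from whatever memory follows the GDT. */
static int selector_index_in_gdt(unsigned index, uint16_t limit)
{
    return index * 8 + 7 <= limit;
}

/* 1 if the limit exposes more than the kernel's 16 descriptors. */
static int gdt_limit_suspicious(uint16_t limit)
{
    return limit > EXPECTED_GDT_LIMIT;
}

/* Read GDTR via SGDT. Returns 0 on success, -1 on a non-x86-64 build. */
static int read_gdtr(struct gdtr *out)
{
#if defined(__x86_64__)
    __asm__ volatile("sgdt %0" : "=m"(*out));
    return 0;
#else
    (void)out;
    return -1;
#endif
}

int main(void)
{
    struct gdtr g;

    if (read_gdtr(&g) != 0) {
        fprintf(stderr, "not an x86-64 host; nothing to check\n");
        return 2;
    }
    printf("GDTR base=%#llx limit=%#x (%u descriptor slots)\n",
           (unsigned long long)g.base, g.limit, gdt_slots_for_limit(g.limit));
    if (gdt_limit_suspicious(g.limit)) {
        printf("GDT limit exceeds a 16-entry kernel GDT: selector indices up to %u "
               "pass the CPU's limit check\n", gdt_slots_for_limit(g.limit) - 1);
        return 1;
    }
    puts("GDT limit matches a 16-entry kernel GDT");
    return 0;
}
```

GDTR is per CPU and the stale limit persists only until the host next reloads it, so run the check pinned to a CPU that has just returned from a guest (for example with `taskset -c N`). On CPUs where the kernel has enabled UMIP, a user-space SGDT is trapped and emulated with dummy values rather than the real register contents, so the check cannot observe the limit there.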