Denial of Service Vulnerability in Google gVisor
CVE-2018-20168

5.5MEDIUM

Key Information:

Vendor: Google
Status: Gvisor
Vendor: CVE Published:; 17 December 2018

What is CVE-2018-20168?

Google gVisor, prior to the update on August 22, 2018, has a vulnerability that involves improper handling of pagetable reuse at different levels while retaining the paging-structure cache. This flaw can be exploited by attackers through a specially crafted application, leading to a denial of service condition characterized by a 'physical address not valid' panic. Organizations utilizing gVisor should ensure they upgrade to the latest version to mitigate this risk.

References

https://bugs.chromium.org/p/project-zero/issues/detail?id...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 17, 2018
Vulnerability Reserved
Dec 16, 2018