CVE-2018-12633

Name: CVE-2018-12633
Creator: NVD / NIST
Published: 2018-06-22T00:29:00.27+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.26%

Last modified Jun 17, 2026

CVE-2018-12633 is a vulnerability of currently unknown severity. An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. EPSS estimates a 0.26% chance of exploitation in the next 30 days.

Description

An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious user thread can tamper with the critical variables (hdr.size_in and hdr.size_out) in the header between the two fetches because of a race condition, leading to severe kernel errors, such as buffer over-accesses. This bug can cause a local denial of service and information leakage.

Metrics

EPSS Probability

0.26%

17.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-362

Affected Software

Vendor	Product	Versions
Linux	Linux Kernel	<= 4.17.2

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bd23a7269834dc7c1f93e83535d16ebc44b75ebaPatch, Vendor Advisory
https://bugzilla.kernel.org/show_bug.cgi?id=200131Issue Tracking, Vendor Advisory
https://github.com/torvalds/linux/commit/bd23a7269834dc7c1f93e83535d16ebc44b75ebaPatch, Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bd23a7269834dc7c1f93e83535d16ebc44b75ebaPatch, Vendor Advisory
https://bugzilla.kernel.org/show_bug.cgi?id=200131Issue Tracking, Vendor Advisory
https://github.com/torvalds/linux/commit/bd23a7269834dc7c1f93e83535d16ebc44b75ebaPatch, Third Party Advisory

Timeline

Published: Jun 22, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-12633?

How severe is CVE-2018-12633?

Severity scoring for CVE-2018-12633 is pending analysis. The EPSS model estimates a 0.26% probability of exploitation in the next 30 days.

How do I fix CVE-2018-12633?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-12633?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST