How severe is CVE-2018-12633?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2018-12633?

This is classified as CWE-362, which is a common weakness in software security.

CVE-2018-12633

MEDIUM Year: 2018

CVSS v3 Score

6.3

Medium

CVSS v2 Score

6.3

Medium

Weakness Type

CWE-362

View all →

Vulnerability Description

An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious user thread can tamper with the critical variables (hdr.size_in and hdr.size_out) in the header between the two fetches because of a race condition, leading to severe kernel errors, such as buffer over-accesses. This bug can cause a local denial of service and information leakage.

CVE-2016-1975

MEDIUM

CVSS:6.3(Medium)

Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (...

CWE-3622016

CVE-2016-7777

MEDIUM

CVSS:6.3(Medium)

Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on...

CWE-3622016

CVE-2020-10737

MEDIUM

CVSS:6.3(Medium)

A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into t...

CWE-3622020

CVE-2020-1839

MEDIUM

CVSS:6.3(Medium)

HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a race condition vulnerability. There is a timing window exists in which certain pointer members can be modified by another proce...

CWE-3622020

CVE-2020-25653

MEDIUM

CVSS:6.3(Medium)

A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-...

CWE-3622020

CVE-2020-25775

MEDIUM

CVSS:6.3(Medium)

The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the...

CWE-3622020

CVE-2018-12633

Vulnerability Description

Related Vulnerabilities

CVE-2016-1975

CVE-2016-7777

CVE-2020-10737

CVE-2020-1839

CVE-2020-25653

CVE-2020-25775