How severe is CVE-2018-16882?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2018-16882?

This is classified as CWE-416, which is a common weakness in software security.

CVE-2018-16882 - MEDIUM Severity | CVSS 6.1

Vulnerability Description

A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system. Kernel versions before 4.14.91 and before 4.19.13 are vulnerable.

Related Vulnerabilities

CVE-2019-19528

MEDIUM

CVSS:6.1(Medium)

In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d.

CWE-4162019

CVE-2020-8647

MEDIUM

CVSS:6.1(Medium)

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.

CWE-4162020

CVE-2025-20062

HIGH

CVSS:6.1(Medium)

Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CWE-4162025

CVE-2018-14619

MEDIUM

CVSS:6.2(Medium)

A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was freed...

CWE-4162018

CVE-2021-47224

MEDIUM

CVSS:6.2(Medium)

In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: Make sure to free skb when it is completely used With the skb pointer piggy-backed on the TX BD, we have a simple and...

CWE-4162021

CVE-2021-47375

MEDIUM

CVSS:6.2(Medium)

In the Linux kernel, the following vulnerability has been resolved: blktrace: Fix uaf in blk_trace access after removing by sysfs There is an use-after-free problem triggered by following process: P1(...

CWE-4162021