CVE-2022-38037 Windows Kernel Elevation of Privilege Vulnerability

The respective vulnerabilities have been assigned CVE identifiers, which is the standard way to reference these issues. The following is a complete list of all CVEs related to this issue: CVE-2018-18405 Hypervisor user-mode escalation of privilege Vulnerability. This CVE ID is unique from CVE-2018-18404, CVE-2018-18402, CVE-2018-18401, CVE-2018-18400, CVE-2018-18399, CVE-2018-18398, CVE-2018-18397, CVE-2018-18396, CVE-2018-18395, CVE-2018-18394, CVE-2018-18393, CVE-2018-18392, CVE-2018-18391, CVE-2018-18390, CVE-2018-18389, CVE-2018-18388, CVE-2018-18387, CVE-2018-18386, CVE-2018-18385, CVE-2018-18384, CVE-2018-18383, CVE-2018-18382, CVE-2018-18381, CVE-2018-18380, CVE-2018-18379, CVE-2018-18378, CVE-2018-18375, CVE-2018-18374, CVE-2018-18373, CVE-2018-18372, CVE-2018-18371, CVE-2018-18370, CVE-2018-18369, CVE-2018-18368, CVE-2018-18

Hypervisor user-mode escalation of privilege Vulnerability

The vulnerability exists in how hypervisor-related components handle the interaction between user-mode and kernel-mode code. This interaction is through the system call interface, which allows for privilege escalation when an attacker can run code directly in user mode. The attack vector for this particular issue exists in the boot process.
Exploitation of this vulnerability on a hypervisor running with a non-default configuration may result in privileges being escalated to root or other administrative accounts.

Vulnerability summary

The vulnerability allows attackers to elevate their privileges to those of a Hypervisor user, potentially bypassing the account's privilege settings. This could allow an attacker to escalate their privileges to those of a system user or administrator on the host.

Hypervisor-mode user-mode escalation of privilege vulnerability

Researchers found a hypervisor-mode user-mode escalation of privilege vulnerability in the Windows Hypervisor. This vulnerability is unique from CVE-2018-18404, CVE-2018-18402, CVE-2018-18399, CVE-2018-18398, CVE-2018-18397, CVE-2018-18396, and CVE-2018-18395.

Timeline

Published on: 10/11/2022 19:15:00 UTC
Last modified on: 10/11/2022 19:16:00 UTC

References

• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38037
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38037