Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation
The emulation of the instructions HLT, LGDT, LIDT, and LMSW fails to perform supervisor mode permission checks.
permission uncheck (missing)
x86/emulate: check cpl for all privileged instructions
Without this, it is possible for userspace to load its own IDT or GDT.
Malicious HVM guest user mode code may be able to crash the guest or escalate its own privilege to guest kernel mode.
DoS, privilege escalation