CVE-2018-1087 - kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel

CVE-2018-1087

Summary

kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest.

References

Vulnerable Configurations

cpe:2.3:o:linux:linux_kernel:4.16:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.16:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.16:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.16:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.17:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.17:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.17:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.17:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.17:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.17:rc3:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_virtualization:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_virtualization:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 09-10-2019 - 23:38)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

redhat via4

advisories

rhsa
id RHSA-2018:1318
rhsa
id RHSA-2018:1345
rhsa
id RHSA-2018:1347
rhsa
id RHSA-2018:1348
rhsa
id RHSA-2018:1355
rhsa
id RHSA-2018:1524

rpms

kernel-0:3.10.0-862.2.3.el7
kernel-abi-whitelists-0:3.10.0-862.2.3.el7
kernel-bootwrapper-0:3.10.0-862.2.3.el7
kernel-debug-0:3.10.0-862.2.3.el7
kernel-debug-debuginfo-0:3.10.0-862.2.3.el7
kernel-debug-devel-0:3.10.0-862.2.3.el7
kernel-debuginfo-0:3.10.0-862.2.3.el7
kernel-debuginfo-common-ppc64-0:3.10.0-862.2.3.el7
kernel-debuginfo-common-ppc64le-0:3.10.0-862.2.3.el7
kernel-debuginfo-common-s390x-0:3.10.0-862.2.3.el7
kernel-debuginfo-common-x86_64-0:3.10.0-862.2.3.el7
kernel-devel-0:3.10.0-862.2.3.el7
kernel-doc-0:3.10.0-862.2.3.el7
kernel-headers-0:3.10.0-862.2.3.el7
kernel-kdump-0:3.10.0-862.2.3.el7
kernel-kdump-debuginfo-0:3.10.0-862.2.3.el7
kernel-kdump-devel-0:3.10.0-862.2.3.el7
kernel-tools-0:3.10.0-862.2.3.el7
kernel-tools-debuginfo-0:3.10.0-862.2.3.el7
kernel-tools-libs-0:3.10.0-862.2.3.el7
kernel-tools-libs-devel-0:3.10.0-862.2.3.el7
perf-0:3.10.0-862.2.3.el7
perf-debuginfo-0:3.10.0-862.2.3.el7
python-perf-0:3.10.0-862.2.3.el7
python-perf-debuginfo-0:3.10.0-862.2.3.el7
kernel-0:3.10.0-693.25.4.el7
kernel-abi-whitelists-0:3.10.0-693.25.4.el7
kernel-bootwrapper-0:3.10.0-693.25.4.el7
kernel-debug-0:3.10.0-693.25.4.el7
kernel-debug-debuginfo-0:3.10.0-693.25.4.el7
kernel-debug-devel-0:3.10.0-693.25.4.el7
kernel-debuginfo-0:3.10.0-693.25.4.el7
kernel-debuginfo-common-ppc64-0:3.10.0-693.25.4.el7
kernel-debuginfo-common-ppc64le-0:3.10.0-693.25.4.el7
kernel-debuginfo-common-s390x-0:3.10.0-693.25.4.el7
kernel-debuginfo-common-x86_64-0:3.10.0-693.25.4.el7
kernel-devel-0:3.10.0-693.25.4.el7
kernel-doc-0:3.10.0-693.25.4.el7
kernel-headers-0:3.10.0-693.25.4.el7
kernel-kdump-0:3.10.0-693.25.4.el7
kernel-kdump-debuginfo-0:3.10.0-693.25.4.el7
kernel-kdump-devel-0:3.10.0-693.25.4.el7
kernel-tools-0:3.10.0-693.25.4.el7
kernel-tools-debuginfo-0:3.10.0-693.25.4.el7
kernel-tools-libs-0:3.10.0-693.25.4.el7
kernel-tools-libs-devel-0:3.10.0-693.25.4.el7
perf-0:3.10.0-693.25.4.el7
perf-debuginfo-0:3.10.0-693.25.4.el7
python-perf-0:3.10.0-693.25.4.el7
python-perf-debuginfo-0:3.10.0-693.25.4.el7
kernel-0:3.10.0-327.66.3.el7
kernel-abi-whitelists-0:3.10.0-327.66.3.el7
kernel-bootwrapper-0:3.10.0-327.66.3.el7
kernel-debug-0:3.10.0-327.66.3.el7
kernel-debug-debuginfo-0:3.10.0-327.66.3.el7
kernel-debug-devel-0:3.10.0-327.66.3.el7
kernel-debuginfo-0:3.10.0-327.66.3.el7
kernel-debuginfo-common-ppc64le-0:3.10.0-327.66.3.el7
kernel-debuginfo-common-x86_64-0:3.10.0-327.66.3.el7
kernel-devel-0:3.10.0-327.66.3.el7
kernel-doc-0:3.10.0-327.66.3.el7
kernel-headers-0:3.10.0-327.66.3.el7
kernel-tools-0:3.10.0-327.66.3.el7
kernel-tools-debuginfo-0:3.10.0-327.66.3.el7
kernel-tools-libs-0:3.10.0-327.66.3.el7
kernel-tools-libs-devel-0:3.10.0-327.66.3.el7
perf-0:3.10.0-327.66.3.el7
perf-debuginfo-0:3.10.0-327.66.3.el7
python-perf-0:3.10.0-327.66.3.el7
python-perf-debuginfo-0:3.10.0-327.66.3.el7
kernel-0:3.10.0-514.48.3.el7
kernel-abi-whitelists-0:3.10.0-514.48.3.el7
kernel-bootwrapper-0:3.10.0-514.48.3.el7
kernel-debug-0:3.10.0-514.48.3.el7
kernel-debug-debuginfo-0:3.10.0-514.48.3.el7
kernel-debug-devel-0:3.10.0-514.48.3.el7
kernel-debuginfo-0:3.10.0-514.48.3.el7
kernel-debuginfo-common-ppc64-0:3.10.0-514.48.3.el7
kernel-debuginfo-common-ppc64le-0:3.10.0-514.48.3.el7
kernel-debuginfo-common-s390x-0:3.10.0-514.48.3.el7
kernel-debuginfo-common-x86_64-0:3.10.0-514.48.3.el7
kernel-devel-0:3.10.0-514.48.3.el7
kernel-doc-0:3.10.0-514.48.3.el7
kernel-headers-0:3.10.0-514.48.3.el7
kernel-kdump-0:3.10.0-514.48.3.el7
kernel-kdump-debuginfo-0:3.10.0-514.48.3.el7
kernel-kdump-devel-0:3.10.0-514.48.3.el7
kernel-tools-0:3.10.0-514.48.3.el7
kernel-tools-debuginfo-0:3.10.0-514.48.3.el7
kernel-tools-libs-0:3.10.0-514.48.3.el7
kernel-tools-libs-devel-0:3.10.0-514.48.3.el7
perf-0:3.10.0-514.48.3.el7
perf-debuginfo-0:3.10.0-514.48.3.el7
python-perf-0:3.10.0-514.48.3.el7
python-perf-debuginfo-0:3.10.0-514.48.3.el7
kernel-rt-0:3.10.0-862.2.3.rt56.806.el7
kernel-rt-debug-0:3.10.0-862.2.3.rt56.806.el7
kernel-rt-debug-debuginfo-0:3.10.0-862.2.3.rt56.806.el7
kernel-rt-debug-devel-0:3.10.0-862.2.3.rt56.806.el7
kernel-rt-debug-kvm-0:3.10.0-862.2.3.rt56.806.el7
kernel-rt-debug-kvm-debuginfo-0:3.10.0-862.2.3.rt56.806.el7
kernel-rt-debuginfo-0:3.10.0-862.2.3.rt56.806.el7
kernel-rt-debuginfo-common-x86_64-0:3.10.0-862.2.3.rt56.806.el7
kernel-rt-devel-0:3.10.0-862.2.3.rt56.806.el7
kernel-rt-doc-0:3.10.0-862.2.3.rt56.806.el7
kernel-rt-kvm-0:3.10.0-862.2.3.rt56.806.el7
kernel-rt-kvm-debuginfo-0:3.10.0-862.2.3.rt56.806.el7
kernel-rt-trace-0:3.10.0-862.2.3.rt56.806.el7
kernel-rt-trace-debuginfo-0:3.10.0-862.2.3.rt56.806.el7
kernel-rt-trace-devel-0:3.10.0-862.2.3.rt56.806.el7
kernel-rt-trace-kvm-0:3.10.0-862.2.3.rt56.806.el7
kernel-rt-trace-kvm-debuginfo-0:3.10.0-862.2.3.rt56.806.el7
imgbased-0:1.0.16-0.1.el7ev
ovirt-node-ng-nodectl-0:4.2.0-0.20170814.0.el7
python-imgbased-0:1.0.16-0.1.el7ev
redhat-release-virtualization-host-0:4.2-3.0.el7
redhat-virtualization-host-image-update-0:4.2-20180508.0.el7_5
redhat-virtualization-host-image-update-placeholder-0:4.2-3.0.el7
redhat-virtualization-host-image-update-0:3.6-20180521.0.el7_3
rhev-hypervisor7-0:7.3-20180521.1.el6ev
rhev-hypervisor7-0:7.3-20180521.1.el7ev

refmap via4

bid	104127
confirm	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1087
debian	DSA-4196
misc	http://www.openwall.com/lists/oss-security/2018/05/08/5 https://access.redhat.com/security/vulnerabilities/pop_ss
sectrack	1040862
ubuntu	USN-3641-1 USN-3641-2

Last major update

09-10-2019 - 23:38

Published

15-05-2018 - 16:29

Last modified

09-10-2019 - 23:38