Vulnerability-Lookup

BDU:2020-02415

Vulnerability from fstec - Published: 09.04.2020

Title

Уязвимость компонента HSTATE_HOST_R1 подсистемы виртуализации Kernel-based Virtual Machine (KVM) ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость компонента HSTATE_HOST_R1 подсистемы виртуализации Kernel-based Virtual Machine (KVM) ядра операционных систем Linux вызвана ошибками синхронизации при использовании общего ресурса. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Vendor

Red Hat Inc., Canonical Ltd., Сообщество свободного программного обеспечения, Novell Inc.

Software Name

Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise Workstation Extension, Suse Linux Enterprise Server, SUSE Linux Enterprise Module for Basesystem, SUSE Linux Enterprise Module for Development Tools, SUSE Linux Enterprise High Availability, SUSE Linux Enterprise Live Patching, SUSE Linux Enterprise Module for Legacy Software, SUSE Linux Enterprise Module for Open Buildservice Development Tools, OpenSUSE Leap, SUSE Linux Enterprise Module for Live Patching, SUSE Linux Enterprise Module for Public Cloud, SUSE Linux Enterprise Module for Realtime packages, SUSE Linux Enterprise Real Time Extension, Linux

Software Version

7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 12 SP4 (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (SUSE Linux Enterprise Workstation Extension), 12 SP4 (Suse Linux Enterprise Server), 15 SP1 (SUSE Linux Enterprise Module for Basesystem), 15 SP1 (SUSE Linux Enterprise Module for Development Tools), 12 SP4 (SUSE Linux Enterprise High Availability), 15 SP1 (SUSE Linux Enterprise High Availability), 12 SP4 (SUSE Linux Enterprise Live Patching), 15 SP1 (SUSE Linux Enterprise Module for Legacy Software), 15 SP1 (SUSE Linux Enterprise Workstation Extension), 15 SP1 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 15.1 (OpenSUSE Leap), 15 SP1 (SUSE Linux Enterprise Module for Live Patching), 12 SP5 (Suse Linux Enterprise Server), 12 SP5 (SUSE Linux Enterprise Server for SAP Applications), 15 SP1 (SUSE Linux Enterprise Module for Public Cloud), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 12 SP5 (SUSE Linux Enterprise High Availability), 15 SP1 (SUSE Linux Enterprise Module for Realtime packages), 12 SP4 (SUSE Linux Enterprise Real Time Extension), 12 SP5 (SUSE Linux Enterprise Workstation Extension), 12 SP5 (SUSE Linux Enterprise Live Patching), 12 SP5 (SUSE Linux Enterprise Real Time Extension), от 4.1.31 до 4.1 включительно (Linux), от 4.4.19 до 4.4 включительно (Linux), от 4.7.2 до 4.17 включительно (Linux)

Possible Mitigations

Использование рекомендаций: Для Linux: Обновление программного обеспечения до актуальной версиии Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2020-8834/ Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/cve-2020-8834 Для Ubuntu: https://usn.ubuntu.com/4318-1/ Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2020-8834

Reference

https://www.suse.com/security/cve/CVE-2020-8834/ https://access.redhat.com/security/cve/cve-2020-8834 https://usn.ubuntu.com/4318-1/ https://security-tracker.debian.org/tracker/CVE-2020-8834 https://bugzilla.redhat.com/show_bug.cgi?id=1819615 https://nvd.nist.gov/vuln/detail/CVE-2020-8834

CWE

CWE-362, CWE-368

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 12 SP4 (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (SUSE Linux Enterprise Workstation Extension), 12 SP4 (Suse Linux Enterprise Server), 15 SP1 (SUSE Linux Enterprise Module for Basesystem), 15 SP1 (SUSE Linux Enterprise Module for Development Tools), 12 SP4 (SUSE Linux Enterprise High Availability), 15 SP1 (SUSE Linux Enterprise High Availability), 12 SP4 (SUSE Linux Enterprise Live Patching), 15 SP1 (SUSE Linux Enterprise Module for Legacy Software), 15 SP1 (SUSE Linux Enterprise Workstation Extension), 15 SP1 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 15.1 (OpenSUSE Leap), 15 SP1 (SUSE Linux Enterprise Module for Live Patching), 12 SP5 (Suse Linux Enterprise Server), 12 SP5 (SUSE Linux Enterprise Server for SAP Applications), 15 SP1 (SUSE Linux Enterprise Module for Public Cloud), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 12 SP5 (SUSE Linux Enterprise High Availability), 15 SP1 (SUSE Linux Enterprise Module for Realtime packages), 12 SP4 (SUSE Linux Enterprise Real Time Extension), 12 SP5 (SUSE Linux Enterprise Workstation Extension), 12 SP5 (SUSE Linux Enterprise Live Patching), 12 SP5 (SUSE Linux Enterprise Real Time Extension), \u043e\u0442 4.1.31 \u0434\u043e 4.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.4.19 \u0434\u043e 4.4 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.7.2 \u0434\u043e 4.17 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\u0438\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2020-8834/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2020-8834\n\n\u0414\u043b\u044f Ubuntu:\nhttps://usn.ubuntu.com/4318-1/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2020-8834",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "09.04.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.10.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "29.05.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-02415",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-8834",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise Workstation Extension, Suse Linux Enterprise Server, SUSE Linux Enterprise Module for Basesystem, SUSE Linux Enterprise Module for Development Tools, SUSE Linux Enterprise High Availability, SUSE Linux Enterprise Live Patching, SUSE Linux Enterprise Module for Legacy Software, SUSE Linux Enterprise Module for Open Buildservice Development Tools, OpenSUSE Leap, SUSE Linux Enterprise Module for Live Patching, SUSE Linux Enterprise Module for Public Cloud, SUSE Linux Enterprise Module for Realtime packages, SUSE Linux Enterprise Real Time Extension, Linux",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 7 , Canonical Ltd. Ubuntu 16.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4 , Novell Inc. Suse Linux Enterprise Server 12 SP4 , Novell Inc. OpenSUSE Leap 15.1 , Novell Inc. Suse Linux Enterprise Server 12 SP5 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP5 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.1.31 \u0434\u043e 4.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.4.19 \u0434\u043e 4.4 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.7.2 \u0434\u043e 4.17 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 HSTATE_HOST_R1 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 Kernel-based Virtual Machine (KVM) \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0434\u043d\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043e\u0431\u0449\u0435\u0433\u043e \u0440\u0435\u0441\u0443\u0440\u0441\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u0435\u0439 (\u00ab\u0421\u0438\u0442\u0443\u0430\u0446\u0438\u044f \u0433\u043e\u043d\u043a\u0438\u00bb) (CWE-362), \u0421\u0438\u0442\u0443\u0430\u0446\u0438\u044f \u0433\u043e\u043d\u043a\u0438 \u0432 \u043f\u0435\u0440\u0435\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0438 \u043c\u0435\u0436\u0434\u0443 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0430\u043c\u0438 (CWE-368)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 HSTATE_HOST_R1 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 Kernel-based Virtual Machine (KVM) \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Linux \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u043e\u0431\u0449\u0435\u0433\u043e \u0440\u0435\u0441\u0443\u0440\u0441\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "https://usn.ubuntu.com/4318-1/\\r\\nhttps://bugs.launchpad.net/ubuntu/+source/linux/+bug/1867717\\r\\nhttps://usn.ubuntu.com/usn/usn-4318-1\\r\\nhttp://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html\\r\\nhttps://www.openwall.com/lists/oss-security/2020/04/06/2\\r\\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8834\\r\\nhttps://ubuntu.com/security/notices/USN-4318-1",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u043e\u043a\u0430\u043c\u0438 \u0438 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435\u043c",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.suse.com/security/cve/CVE-2020-8834/\nhttps://access.redhat.com/security/cve/cve-2020-8834\nhttps://usn.ubuntu.com/4318-1/\nhttps://security-tracker.debian.org/tracker/CVE-2020-8834\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1819615\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8834",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-362, CWE-368",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}

CVE-2020-8834 (GCVE-0-2020-8834)

Vulnerability from cvelistv5 – Published: 2020-04-09 22:10 – Updated: 2024-09-16 22:03

Title

Linux kernel KVM Power8 conflicting use of HSTATE_HOST_R1

Summary

KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to panic. There were two commits that, according to the reporter, introduced the vulnerability: f024ee098476 ("KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures") 87a11bb6a7f7 ("KVM: PPC: Book3S HV: Work around XER[SO] bug in fake suspend mode") The former landed in 4.8, the latter in 4.17. This was fixed without realizing the impact in 4.18 with the following three commits, though it's believed the first is the only strictly necessary commit: 6f597c6b63b6 ("KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm()") 7b0e827c6970 ("KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm") 009c872a8bc4 ("KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file")

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CWE

CWE-368

Assigner

canonical

References

URL

Tags

	https://www.openwall.com/lists/oss-security/2020/…	x_refsource_MISC
	https://usn.ubuntu.com/usn/usn-4318-1	x_refsource_MISC
	https://bugs.launchpad.net/ubuntu/+source/linux/+…	x_refsource_MISC
	https://usn.ubuntu.com/4318-1/	vendor-advisoryx_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Impacted products

	Vendor	Product	Version
	Linux kernel	Linux kernel	Affected: 4.8 , < unspecified (custom) Affected: unspecified , < 4.18 (custom)

Date Public ?

2020-04-06 00:00

Credits

Gustavo Romero Paul Mackerras

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:12:10.661Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2020/04/06/2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/usn/usn-4318-1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1867717"
          },
          {
            "name": "USN-4318-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4318-1/"
          },
          {
            "name": "openSUSE-SU-2020:0543",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "PPC Power8"
          ],
          "product": "Linux kernel",
          "vendor": "Linux kernel",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.8",
              "versionType": "custom"
            },
            {
              "lessThan": "4.18",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Gustavo Romero"
        },
        {
          "lang": "en",
          "value": "Paul Mackerras"
        }
      ],
      "datePublic": "2020-04-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to panic. There were two commits that, according to the reporter, introduced the vulnerability: f024ee098476 (\"KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures\") 87a11bb6a7f7 (\"KVM: PPC: Book3S HV: Work around XER[SO] bug in fake suspend mode\") The former landed in 4.8, the latter in 4.17. This was fixed without realizing the impact in 4.18 with the following three commits, though it\u0027s believed the first is the only strictly necessary commit: 6f597c6b63b6 (\"KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm()\") 7b0e827c6970 (\"KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm\") 009c872a8bc4 (\"KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file\")"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-368",
              "description": "CWE-368",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-23T15:06:26.000Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2020/04/06/2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://usn.ubuntu.com/usn/usn-4318-1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1867717"
        },
        {
          "name": "USN-4318-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4318-1/"
        },
        {
          "name": "openSUSE-SU-2020:0543",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Apply the following three Linux kernel commits, though possibly only the first commit is strictly necessary:                                                                                           \n                                                                                                                                                             \n  6f597c6b63b6 (\"KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm()\")\n  7b0e827c6970 (\"KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm\")\n  009c872a8bc4 (\"KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file\")"
        }
      ],
      "source": {
        "defect": [
          "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1867717"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Linux kernel KVM Power8 conflicting use of  HSTATE_HOST_R1",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2020-04-06T16:00:00.000Z",
          "ID": "CVE-2020-8834",
          "STATE": "PUBLIC",
          "TITLE": "Linux kernel KVM Power8 conflicting use of  HSTATE_HOST_R1"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Linux kernel",
                      "version": {
                        "version_data": [
                          {
                            "platform": "PPC Power8",
                            "version_affected": "\u003e=",
                            "version_value": "4.8"
                          },
                          {
                            "platform": "PPC Power8",
                            "version_affected": "\u003c",
                            "version_value": "4.18"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Linux kernel"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Gustavo Romero"
          },
          {
            "lang": "eng",
            "value": "Paul Mackerras"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to panic. There were two commits that, according to the reporter, introduced the vulnerability: f024ee098476 (\"KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures\") 87a11bb6a7f7 (\"KVM: PPC: Book3S HV: Work around XER[SO] bug in fake suspend mode\") The former landed in 4.8, the latter in 4.17. This was fixed without realizing the impact in 4.18 with the following three commits, though it\u0027s believed the first is the only strictly necessary commit: 6f597c6b63b6 (\"KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm()\") 7b0e827c6970 (\"KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm\") 009c872a8bc4 (\"KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file\")"
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-368"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.openwall.com/lists/oss-security/2020/04/06/2",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2020/04/06/2"
            },
            {
              "name": "https://usn.ubuntu.com/usn/usn-4318-1",
              "refsource": "MISC",
              "url": "https://usn.ubuntu.com/usn/usn-4318-1"
            },
            {
              "name": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1867717",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1867717"
            },
            {
              "name": "USN-4318-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4318-1/"
            },
            {
              "name": "openSUSE-SU-2020:0543",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Apply the following three Linux kernel commits, though possibly only the first commit is strictly necessary:                                                                                           \n                                                                                                                                                             \n  6f597c6b63b6 (\"KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm()\")\n  7b0e827c6970 (\"KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm\")\n  009c872a8bc4 (\"KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file\")"
          }
        ],
        "source": {
          "defect": [
            "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1867717"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2020-8834",
    "datePublished": "2020-04-09T22:10:14.975Z",
    "dateReserved": "2020-02-10T00:00:00.000Z",
    "dateUpdated": "2024-09-16T22:03:01.562Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2020-02415

CVE-2020-8834 (GCVE-0-2020-8834)

Tags

Sightings

Nomenclature