cnvd - cnvd-2018-09781

cnvd-2018-09781

Vulnerability from cnvd

Title

Linux kernel KVM本地权限提升漏洞

Description

Linux kernel是美国Linux基金会发布的操作系统Linux所使用的内核。KVM（Kernel-based Virtual Machine，基于内核的虚拟机）是用于其中的一种虚拟化基础设施。 Linux kernel中的KVM的虚拟机监视器处理异常情况存在安全漏洞。攻击者可利用该漏洞造成拒绝服务（崩溃）或提升权限。

Severity

中

Patch Name

Linux kernel KVM本地权限提升漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.linux-kvm.org/

Reference

http://www.openwall.com/lists/oss-security/2018/05/08/5

Impacted products

Name
['Linux Kernel 4.16', 'Linux Kernel 4.16-rc7', 'Linux Kernel 4.17-rc1', 'Linux Kernel 4.17-rc2', 'Linux Kernel 4.17-rc3']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "104127"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1087"
    }
  },
  "description": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u53d1\u5e03\u7684\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002KVM\uff08Kernel-based Virtual Machine\uff0c\u57fa\u4e8e\u5185\u6838\u7684\u865a\u62df\u673a\uff09\u662f\u7528\u4e8e\u5176\u4e2d\u7684\u4e00\u79cd\u865a\u62df\u5316\u57fa\u7840\u8bbe\u65bd\u3002\r\n\r\nLinux kernel\u4e2d\u7684KVM\u7684\u865a\u62df\u673a\u76d1\u89c6\u5668\u5904\u7406\u5f02\u5e38\u60c5\u51b5\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5d29\u6e83\uff09\u6216\u63d0\u5347\u6743\u9650\u3002",
  "discovererName": "Andy Lutomirski",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.linux-kvm.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-09781",
  "openTime": "2018-05-18",
  "patchDescription": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u53d1\u5e03\u7684\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002KVM\uff08Kernel-based Virtual Machine\uff0c\u57fa\u4e8e\u5185\u6838\u7684\u865a\u62df\u673a\uff09\u662f\u7528\u4e8e\u5176\u4e2d\u7684\u4e00\u79cd\u865a\u62df\u5316\u57fa\u7840\u8bbe\u65bd\u3002\r\n\r\nLinux kernel\u4e2d\u7684KVM\u7684\u865a\u62df\u673a\u76d1\u89c6\u5668\u5904\u7406\u5f02\u5e38\u60c5\u51b5\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5d29\u6e83\uff09\u6216\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Linux kernel KVM\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Linux Kernel 4.16",
      "Linux Kernel 4.16-rc7",
      "Linux Kernel 4.17-rc1",
      "Linux Kernel 4.17-rc2",
      "Linux Kernel 4.17-rc3"
    ]
  },
  "referenceLink": "http://www.openwall.com/lists/oss-security/2018/05/08/5",
  "serverity": "\u4e2d",
  "submitTime": "2018-05-17",
  "title": "Linux kernel KVM\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2018-1087 (GCVE-0-2018-1087)

Vulnerability from cvelistv5

Published

2018-05-15 16:00

Modified

2024-08-05 03:51

Severity ?

8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-250

Summary

kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest.

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2018:1347	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1087	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1040862	vdb-entry, x_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2018:1348	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2018/dsa-4196	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2018:1355	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1345	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/vulnerabilities/pop_ss	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2018:1318	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1524	vendor-advisory, x_refsource_REDHAT
	http://www.openwall.com/lists/oss-security/2018/05/08/5	x_refsource_MISC
	http://www.securityfocus.com/bid/104127	vdb-entry, x_refsource_BID
	https://usn.ubuntu.com/3641-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3641-1/	vendor-advisory, x_refsource_UBUNTU