kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2018/05/08/5 | Mailing List |
http://www.securityfocus.com/bid/104127 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1040862 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHSA-2018:1318 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2018:1345 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2018:1347 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2018:1348 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2018:1355 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2018:1524 | Third Party Advisory |
https://access.redhat.com/security/vulnerabilities/pop_ss | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1087 | Issue Tracking |
https://usn.ubuntu.com/3641-1/ | Third Party Advisory |
https://usn.ubuntu.com/3641-2/ | Third Party Advisory |
https://www.debian.org/security/2018/dsa-4196 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2018-05-15T16:00:00
Updated: 2018-05-29T09:57:01
Reserved: 2017-12-04T00:00:00
Link: CVE-2018-1087
JSON object: View
NVD Information
Status : Modified
Published: 2018-05-15T16:29:00.207
Modified: 2019-10-09T23:38:05.240
Link: CVE-2018-1087
JSON object: View
Redhat Information
No data.