Vulnerability CVE-2018-1087


Published: 2018-05-15

Description:
The Linux kernel's KVM hypervisor, before kernel 4.16, 4.16-rc7, 4.17-rc1, 4.17-rc2 and 4.17-rc3, is vulnerable to a flaw in the way it handled exceptions delivered after a stack switch operation via the Mov SS or Pop SS instructions. During the stack switch operation the processor does not deliver interrupts and exceptions; instead, they are delivered once the first instruction after the stack switch has executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest.

Type: CWE-264 (Permissions, Privileges, and Access Controls)

Vendor: Debian
Product: Debian linux
Version: 9.0; 8.0
Vendor: Redhat
Product: Enterprise linux server eus
Version: 7.5; 7.4; 7.3
Product: Enterprise linux server aus
Version: 7.4; 7.3; 7.2
Product: Enterprise linux server tus
Version: 7.4; 7.3; 7.2
Product: Enterprise linux
Version: 7.0
Product: Enterprise linux server
Version: 7.0
Product: Enterprise linux desktop
Version: 7.0
Product: Enterprise linux workstation
Version: 7.0
Product: Enterprise linux virtualization
Version: 4.0
Vendor: Linux
Product: Linux kernel
Version: 4.17; 4.16
Vendor: Canonical
Product: Ubuntu linux
Version: 17.10; 16.04; 14.04

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 4.6/10
Impact Subscore: 6.4/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

References:
http://www.openwall.com/lists/oss-security/2018/05/08/5
http://www.securityfocus.com/bid/104127
http://www.securitytracker.com/id/1040862
https://access.redhat.com/errata/RHSA-2018:1318
https://access.redhat.com/errata/RHSA-2018:1345
https://access.redhat.com/errata/RHSA-2018:1347
https://access.redhat.com/errata/RHSA-2018:1348
https://access.redhat.com/errata/RHSA-2018:1355
https://access.redhat.com/errata/RHSA-2018:1524
https://access.redhat.com/security/vulnerabilities/pop_ss
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1087
https://usn.ubuntu.com/3641-1/
https://usn.ubuntu.com/3641-2/
https://www.debian.org/security/2018/dsa-4196

Related CVE
CVE-2019-9628
The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly i...
CVE-2019-3460
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.
CVE-2019-3459
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
CVE-2019-0816
A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'.
CVE-2019-0211
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with...
CVE-2019-0217
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictio...
CVE-2018-3979
A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can...
CVE-2019-8956
In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory.

Copyright 2019, cxsecurity.com