CVE-2018-1087 — HIGH (8.0) — White Hats Nepal

Vulnerability Description

kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest.

CVSS Score

8.0

HIGH

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	4.16
Canonical	Ubuntu Linux	14.04
Debian	Debian Linux	8.0
Redhat	Enterprise Linux	7.0
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Server Aus	7.2
Redhat	Enterprise Linux Server Eus	7.3
Redhat	Enterprise Linux Server Tus	7.2
Redhat	Enterprise Linux Virtualization	4.0
Redhat	Enterprise Linux Workstation	7.0

Related Weaknesses (CWE)

CWE-250

References

http://www.openwall.com/lists/oss-security/2018/05/08/5Mailing List
http://www.securityfocus.com/bid/104127Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1040862Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2018:1318Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1345Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1347Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1348Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1355Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1524Third Party Advisory
https://access.redhat.com/security/vulnerabilities/pop_ssThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1087Issue Tracking
https://usn.ubuntu.com/3641-1/Third Party Advisory
https://usn.ubuntu.com/3641-2/Third Party Advisory
https://www.debian.org/security/2018/dsa-4196Third Party Advisory
http://www.openwall.com/lists/oss-security/2018/05/08/5Mailing List

FAQ

What is CVE-2018-1087?

CVE-2018-1087 is a vulnerability with a CVSS score of 8.0 (HIGH). kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions de...

How severe is CVE-2018-1087?

CVE-2018-1087 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-1087?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux, Debian Debian Linux, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop.