Variant4
Line 1: | Line 1: |
## page was copied from SecurityTeam/KnowledgeBase/Pop_SS | |
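Review bot: On new line 1, the copy marker names SecurityTeam/KnowledgeBase/Pop_SS as the source while this page is Variant4, and the rest of the revision still describes CVE-2018-8897 and CVE-2018-1087. Replace the copied body with the Variant4 content, or mark the page as a placeholder, so readers who land on Variant4 do not take the MOV/POP to SS text for that issue.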
Line 3: | Line 4: |
Nick Peterson discovered that the Linux kernel did not properly handle debug exceptions following a MOV/POP to SS instruction. A local attacker could use this to cause a denial of service (system crash). This issue only affected the amd64 architecture. (CVE-2018-8897) | Nick Peterson discovered that the Linux kernel did not properly handle debug exceptions following a MOV/POP to SS instruction. A local attacker could use this to cause a denial of service (system crash). This issue only affected the amd64 architecture. ([[https://people.canonical.com/~ubuntu-security/cve/CVE-2018-8897|CVE-2018-8897]]) |
Line 5: | Line 6: |
Andy Lutomirski discovered that the KVM subsystem of the Linux kernel did not properly emulate the ICEBP instruction following a MOV/POP to SS instruction. A local attacker in a KVM virtual machine could use this to cause a denial of service (guest VM crash) or possibly escalate privileges inside of the virtual machine. This issue only affected the i386 and amd64 architectures. (CVE-2018-1087) | Andy Lutomirski discovered that the KVM subsystem of the Linux kernel did not properly emulate the ICEBP instruction following a MOV/POP to SS instruction. A local attacker in a KVM virtual machine could use this to cause a denial of service (guest VM crash) or possibly escalate privileges inside of the virtual machine. This issue only affected the i386 and amd64 architectures. ([[https://people.canonical.com/~ubuntu-security/cve/CVE-2018-1087|CVE-2018-1087]]) |
Line 7: | Line 8: |
These issues were fixed in the Linux kernel by commits [[https://git.kernel.org/linus/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9|`x86/entry/64: Don't use IST entry for #BP stack`]] and [[https://git.kernel.org/linus/32d43cd391bacb5f0814c2624399a5dad3501d09|`kvm/x86: fix icebp instruction handling`]]. Ubuntu 17.10, 16.04 LTS, 14.04 LTS, and 12.04 ESM were affected. To address the issues, the majority of users should ensure that linux-image-4.13.0-41-generic 4.13.0-41.46 (Ubuntu 17.10), linux-image-4.4.0-124-generic 4.4.0-124.148 (Ubuntu 16.04 LTS), linux-image-3.13.0-147-generic 3.13.0-147.196 (Ubuntu 14.04 LTS), or linux-image-3.2.0-134-generic 3.2.0-134.180 (Ubuntu 12.04 ESM) is installed. Users of non-generic Ubuntu kernels should consult the published Ubuntu Security Notices for version information. These updates will be announced in USN 3641-1 (Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 17.10) and USN 3641-2 (Ubuntu 12.04 ESM). | These issues were fixed in the Linux kernel by commits [[https://git.kernel.org/linus/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9|`x86/entry/64: Don't use IST entry for #BP stack`]] and [[https://git.kernel.org/linus/32d43cd391bacb5f0814c2624399a5dad3501d09|`kvm/x86: fix icebp instruction handling`]]. Ubuntu 17.10, 16.04 LTS, 14.04 LTS, and 12.04 ESM were affected. To address the issues, the majority of users should ensure that linux-image-4.13.0-41-generic 4.13.0-41.46 (Ubuntu 17.10), linux-image-4.4.0-124-generic 4.4.0-124.148 (Ubuntu 16.04 LTS), linux-image-3.13.0-147-generic 3.13.0-147.196 (Ubuntu 14.04 LTS), or linux-image-3.2.0-134-generic 3.2.0-134.180 (Ubuntu 12.04 ESM) is installed. Users of non-generic Ubuntu kernels should consult the published Ubuntu Security Notices for version information. These updates were announced in [[https://usn.ubuntu.com/3641-2/|USN 3641-1]] (Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 17.10) and [[https://usn.ubuntu.com/3641-2/|USN 3641-2]] (Ubuntu 12.04 ESM). |
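Review bot: In the last sentence of the added text, the `USN 3641-1` link targets `https://usn.ubuntu.com/3641-2/`, the same URL as the USN 3641-2 link next to it. Point it at `https://usn.ubuntu.com/3641-1/`, which the timeline entry added later in this diff already uses.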
Line 12: | Line 13: |
==== Cloud Image Updates ==== Cloud image updates are expected once mitigations are available. ==== Core Image Updates ==== An Ubuntu Core image update is expected once mitigations are available. |
* 2018 May 08: USNS [[https://usn.ubuntu.com/3641-1/|3641-1]] and [[https://usn.ubuntu.com/3641-2/|3641-2]] are published |
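Review bot: The added timeline entry spells the plural as `USNS`; use `USNs`. The same hunk drops the Cloud Image Updates and Core Image Updates sections, which said updates were expected once mitigations are available, without recording whether those image updates shipped; add a timeline entry or a sentence stating their status.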
Kernel Exception Handling Flaws After MOV/POP to SS Instructions (CVE-2018-8897, CVE-2018-1087)
Nick Peterson discovered that the Linux kernel did not properly handle debug exceptions following a MOV/POP to SS instruction. A local attacker could use this to cause a denial of service (system crash). This issue only affected the amd64 architecture. (CVE-2018-8897)
Andy Lutomirski discovered that the KVM subsystem of the Linux kernel did not properly emulate the ICEBP instruction following a MOV/POP to SS instruction. A local attacker in a KVM virtual machine could use this to cause a denial of service (guest VM crash) or possibly escalate privileges inside of the virtual machine. This issue only affected the i386 and amd64 architectures. (CVE-2018-1087)
These issues were fixed in the Linux kernel by commits `x86/entry/64: Don't use IST entry for #BP stack` and `kvm/x86: fix icebp instruction handling`. Ubuntu 17.10, 16.04 LTS, 14.04 LTS, and 12.04 ESM were affected. To address the issues, the majority of users should ensure that linux-image-4.13.0-41-generic 4.13.0-41.46 (Ubuntu 17.10), linux-image-4.4.0-124-generic 4.4.0-124.148 (Ubuntu 16.04 LTS), linux-image-3.13.0-147-generic 3.13.0-147.196 (Ubuntu 14.04 LTS), or linux-image-3.2.0-134-generic 3.2.0-134.180 (Ubuntu 12.04 ESM) is installed. Users of non-generic Ubuntu kernels should consult the published Ubuntu Security Notices for version information. These updates were announced in USN 3641-1 (Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 17.10) and USN 3641-2 (Ubuntu 12.04 ESM).
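One way to run the version check described above against the running kernel, as an added example that is not part of the original advisory. It assumes Ubuntu's `/proc/version_signature` format (`Ubuntu <version>-<flavour> <upstream>`); the function names and the sample signature line are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the advisory): classify a kernel against the fixed
# "generic" versions listed above.

# Fixed version per kernel series, copied from the advisory text.
fixed_for_series() {
  case "$1" in
    4.13.0) echo "4.13.0-41.46" ;;    # Ubuntu 17.10
    4.4.0)  echo "4.4.0-124.148" ;;   # Ubuntu 16.04 LTS
    3.13.0) echo "3.13.0-147.196" ;;  # Ubuntu 14.04 LTS
    3.2.0)  echo "3.2.0-134.180" ;;   # Ubuntu 12.04 ESM
    *) return 1 ;;                    # series not covered by this page
  esac
}

# version_ge A B: succeeds when A >= B. dpkg gives Debian ordering; sort -V is a
# fallback that agrees with it for the plain numeric versions handled here.
version_ge() {
  if command -v dpkg >/dev/null 2>&1; then
    dpkg --compare-versions "$1" ge "$2"
  else
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
  fi
}

# check_signature LINE: LINE is in /proc/version_signature form, e.g. the
# constructed sample "Ubuntu 4.4.0-124.148-generic 4.4.117".
check_signature() (
  full=$(printf '%s\n' "$1" | awk '{print $2}')
  flavour=${full##*-}     # generic, lowlatency, ...
  version=${full%-*}      # 4.4.0-124.148
  series=${version%%-*}   # 4.4.0
  case "$version" in *"~"*) backport=yes ;; *) backport=no ;; esac
  # Non-generic flavours, backport (HWE) builds and unlisted series have their
  # own fixed versions in the USNs, so they are not compared here.
  if [ "$flavour" != generic ] || [ "$backport" = yes ] ||
     ! fixed=$(fixed_for_series "$series"); then
    echo consult-usn
  elif version_ge "$version" "$fixed"; then
    echo patched
  else
    echo vulnerable
  fi
)

# Check the running kernel, which can lag the installed package until reboot.
if [ -r /proc/version_signature ]; then
  check_signature "$(cat /proc/version_signature)"
fi
```

A `consult-usn` result means the kernel is outside the generic versions this page lists, not that it is safe.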
Timeline
SecurityTeam/KnowledgeBase/Variant4 (last edited 2025-04-17 11:51:20 by lucistanescu)