Bug 655294 (CVE-2018-1087)

Summary:	kernel: KVM: error in exception handling leads to wrong debug stack value (CVE-2018-1087)
Product:	Gentoo Security	Reporter:	GLSAMaker/CVETool Bot <glsamaker>
Component:	Kernel	Assignee:	Gentoo Kernel Security <security-kernel>
Status:	RESOLVED FIXED
Severity:	critical	CC:	arthur, kernel
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	A1 [stable blocked cve]
Package list:		Runtime testing required:	---
Bug Depends on:	653956, 653958
Bug Blocks:

Description GLSAMaker/CVETool Bot gentoo-dev

2018-05-08 19:25:49 UTC

CVE-2018-1087 (https://nvd.nist.gov/vuln/detail/CVE-2018-1087):
  A flaw was found in the way the Linux kernel's KVM hypervisor handled
  exceptions delivered after a stack switch operation via Mov SS or Pop SS
  instructions. During the stack switch operation, the processor did not
  deliver interrupts and exceptions, rather they are delivered once the first
  instruction after the stack switch is executed. An unprivileged KVM guest
  user could use this flaw to crash the guest or, potentially, escalate their
  privileges in the guest.

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2018-05-08 19:29:00 UTC

Upstream fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=32d43cd391bacb5f0814c2624399a5dad3501d09

Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev

2018-05-08 19:39:36 UTC

Fixed in

>=sys-kernel/gentoo-sources-4.4.125, 4.4.128 is currently being stabilized in bug 653958

>=sys-kernel/gentoo-sources-4.9.91, 4.9.95 is currently being stabilized in bug 653956

Comment 3 John Helmert III archtester

2022-03-26 00:41:32 UTC

Fix in 4.9.91, 4.14.31, 4.16