Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 655294 (CVE-2018-1087) - kernel: KVM: error in exception handling leads to wrong debug stack value (CVE-2018-1087)
Summary: kernel: KVM: error in exception handling leads to wrong debug stack value (CV...
Status: RESOLVED FIXED
Alias: CVE-2018-1087
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Normal critical
Assignee: Gentoo Kernel Security
URL:
Whiteboard: A1 [stable blocked cve]
Keywords:
Depends on: 653956 653958
Blocks:
  Show dependency tree
 
Reported: 2018-05-08 19:25 UTC by GLSAMaker/CVETool Bot
Modified: 2022-03-26 00:41 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2018-05-08 19:25:49 UTC 
CVE-2018-1087 (https://nvd.nist.gov/vuln/detail/CVE-2018-1087):
  A flaw was found in the way the Linux kernel's KVM hypervisor handled
  exceptions delivered after a stack switch operation via Mov SS or Pop SS
  instructions. During the stack switch operation, the processor did not
  deliver interrupts and exceptions, rather they are delivered once the first
  instruction after the stack switch is executed. An unprivileged KVM guest
  user could use this flaw to crash the guest or, potentially, escalate their
  privileges in the guest.
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2018-05-08 19:39:36 UTC 
Fixed in

>=sys-kernel/gentoo-sources-4.4.125, 4.4.128 is currently being stabilized in bug 653958

>=sys-kernel/gentoo-sources-4.9.91, 4.9.95 is currently being stabilized in bug 653956
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-26 00:41:32 UTC 
Fix in 4.9.91, 4.14.31, 4.16