ID

VAR-201805-0950

CVE

CVE-2018-8897

TITLE

Hardware debug exception documentation may result in unexpected behavior

DESCRIPTION

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs. In some circumstances, some operating systems or hypervisors may not expect or properly handle an Intel architecture hardware debug exception. Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges. 6.6) - noarch, x86_64 3. Bug Fix(es): * If an NFSv3 client mounted a subdirectory of an exported file system, a directory entry to the mount hosting the export was incorrectly held even after clearing the cache. Consequently, attempts to unmount the subdirectory with the umount command failed with the EBUSY error. With this update, the underlying source code has been fixed, and the unmount operation now succeeds as expected in the described situation. (BZ#1538588) * The kernel build requirements have been updated to the GNU Compiler Collection (GCC) compiler version that has the support for Retpolines. The Retpolines mechanism is a software construct that leverages specific knowledge of the underlying hardware to mitigate the branch target injection, also known as Spectre variant 2 vulnerability described in CVE-2017-5715. (BZ#1554254) 4. These CVEs are both related to the way that the linux kernel handles certain interrupt and exception instructions. The issue can be triggered by an unprivileged user. The fix for this problem requires modification of the interrupt descriptor tables (IDT), and modification of the interrupt handlers. Livepatch is unable to safely modify these areas, so upgrading to a corrected kernel and rebooting is required to fix the problem. References: CVE-2018-1087, CVE-2018-8897 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce . Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. (BZ#1549768) 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security, bug fix, and enhancement update Advisory ID: RHSA-2018:1318-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:1318 Issue date: 2018-05-08 CVE Names: CVE-2017-16939 CVE-2018-1068 CVE-2018-1087 CVE-2018-1091 CVE-2018-8897 CVE-2018-1000199 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - noarch, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - noarch, ppc64le 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * Kernel: KVM: error in exception handling leads to wrong debug stack value (CVE-2018-1087) * Kernel: error in exception handling leads to DoS (CVE-2018-8897) * Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation (CVE-2017-16939) * kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c (CVE-2018-1068) * kernel: ptrace() incorrect error handling leads to corruption and DoS (CVE-2018-1000199) * kernel: guest kernel crash during core dump on POWER9 host (CVE-2018-1091) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Andy Lutomirski for reporting CVE-2018-1087 and CVE-2018-1000199 and Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting CVE-2018-8897. Bug Fix(es): These updated kernel packages include also numerous bug fixes. Space precludes documenting all of these bug fixes in this advisory. See the bug fix descriptions in the related Knowledge Article: https://access.redhat.com/articles/3431641 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1517220 - CVE-2017-16939 Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation 1552048 - CVE-2018-1068 kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c 1558149 - CVE-2018-1091 kernel: guest kernel crash during core dump on POWER9 host 1566837 - CVE-2018-1087 Kernel: KVM: error in exception handling leads to wrong debug stack value 1567074 - CVE-2018-8897 Kernel: error in exception handling leads to DoS 1568477 - CVE-2018-1000199 kernel: ptrace() incorrect error handling leads to corruption and DoS 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: kernel-3.10.0-862.2.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.2.3.el7.noarch.rpm kernel-doc-3.10.0-862.2.3.el7.noarch.rpm x86_64: kernel-3.10.0-862.2.3.el7.x86_64.rpm kernel-debug-3.10.0-862.2.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.2.3.el7.x86_64.rpm kernel-devel-3.10.0-862.2.3.el7.x86_64.rpm kernel-headers-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.2.3.el7.x86_64.rpm perf-3.10.0-862.2.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm python-perf-3.10.0-862.2.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.2.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: kernel-3.10.0-862.2.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.2.3.el7.noarch.rpm kernel-doc-3.10.0-862.2.3.el7.noarch.rpm x86_64: kernel-3.10.0-862.2.3.el7.x86_64.rpm kernel-debug-3.10.0-862.2.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.2.3.el7.x86_64.rpm kernel-devel-3.10.0-862.2.3.el7.x86_64.rpm kernel-headers-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.2.3.el7.x86_64.rpm perf-3.10.0-862.2.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm python-perf-3.10.0-862.2.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.2.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-862.2.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.2.3.el7.noarch.rpm kernel-doc-3.10.0-862.2.3.el7.noarch.rpm ppc64: kernel-3.10.0-862.2.3.el7.ppc64.rpm kernel-bootwrapper-3.10.0-862.2.3.el7.ppc64.rpm kernel-debug-3.10.0-862.2.3.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-862.2.3.el7.ppc64.rpm kernel-debug-devel-3.10.0-862.2.3.el7.ppc64.rpm kernel-debuginfo-3.10.0-862.2.3.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-862.2.3.el7.ppc64.rpm kernel-devel-3.10.0-862.2.3.el7.ppc64.rpm kernel-headers-3.10.0-862.2.3.el7.ppc64.rpm kernel-tools-3.10.0-862.2.3.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-862.2.3.el7.ppc64.rpm kernel-tools-libs-3.10.0-862.2.3.el7.ppc64.rpm perf-3.10.0-862.2.3.el7.ppc64.rpm perf-debuginfo-3.10.0-862.2.3.el7.ppc64.rpm python-perf-3.10.0-862.2.3.el7.ppc64.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.ppc64.rpm ppc64le: kernel-3.10.0-862.2.3.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-862.2.3.el7.ppc64le.rpm kernel-debug-3.10.0-862.2.3.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.2.3.el7.ppc64le.rpm kernel-devel-3.10.0-862.2.3.el7.ppc64le.rpm kernel-headers-3.10.0-862.2.3.el7.ppc64le.rpm kernel-tools-3.10.0-862.2.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm kernel-tools-libs-3.10.0-862.2.3.el7.ppc64le.rpm perf-3.10.0-862.2.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm python-perf-3.10.0-862.2.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm s390x: kernel-3.10.0-862.2.3.el7.s390x.rpm kernel-debug-3.10.0-862.2.3.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-862.2.3.el7.s390x.rpm kernel-debug-devel-3.10.0-862.2.3.el7.s390x.rpm kernel-debuginfo-3.10.0-862.2.3.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-862.2.3.el7.s390x.rpm kernel-devel-3.10.0-862.2.3.el7.s390x.rpm kernel-headers-3.10.0-862.2.3.el7.s390x.rpm kernel-kdump-3.10.0-862.2.3.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-862.2.3.el7.s390x.rpm kernel-kdump-devel-3.10.0-862.2.3.el7.s390x.rpm perf-3.10.0-862.2.3.el7.s390x.rpm perf-debuginfo-3.10.0-862.2.3.el7.s390x.rpm python-perf-3.10.0-862.2.3.el7.s390x.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.s390x.rpm x86_64: kernel-3.10.0-862.2.3.el7.x86_64.rpm kernel-debug-3.10.0-862.2.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.2.3.el7.x86_64.rpm kernel-devel-3.10.0-862.2.3.el7.x86_64.rpm kernel-headers-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.2.3.el7.x86_64.rpm perf-3.10.0-862.2.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm python-perf-3.10.0-862.2.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): noarch: kernel-abi-whitelists-3.10.0-862.2.3.el7.noarch.rpm kernel-doc-3.10.0-862.2.3.el7.noarch.rpm ppc64le: kernel-3.10.0-862.2.3.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-862.2.3.el7.ppc64le.rpm kernel-debug-3.10.0-862.2.3.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.2.3.el7.ppc64le.rpm kernel-devel-3.10.0-862.2.3.el7.ppc64le.rpm kernel-headers-3.10.0-862.2.3.el7.ppc64le.rpm kernel-tools-3.10.0-862.2.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm kernel-tools-libs-3.10.0-862.2.3.el7.ppc64le.rpm perf-3.10.0-862.2.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm python-perf-3.10.0-862.2.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm s390x: kernel-3.10.0-862.2.3.el7.s390x.rpm kernel-debug-3.10.0-862.2.3.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-862.2.3.el7.s390x.rpm kernel-debug-devel-3.10.0-862.2.3.el7.s390x.rpm kernel-debuginfo-3.10.0-862.2.3.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-862.2.3.el7.s390x.rpm kernel-devel-3.10.0-862.2.3.el7.s390x.rpm kernel-headers-3.10.0-862.2.3.el7.s390x.rpm kernel-kdump-3.10.0-862.2.3.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-862.2.3.el7.s390x.rpm kernel-kdump-devel-3.10.0-862.2.3.el7.s390x.rpm perf-3.10.0-862.2.3.el7.s390x.rpm perf-debuginfo-3.10.0-862.2.3.el7.s390x.rpm python-perf-3.10.0-862.2.3.el7.s390x.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.s390x.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: kernel-debug-debuginfo-3.10.0-862.2.3.el7.ppc64.rpm kernel-debuginfo-3.10.0-862.2.3.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-862.2.3.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-862.2.3.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-862.2.3.el7.ppc64.rpm perf-debuginfo-3.10.0-862.2.3.el7.ppc64.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.ppc64.rpm ppc64le: kernel-debug-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm kernel-debug-devel-3.10.0-862.2.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.2.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-862.2.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.2.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): noarch: kernel-doc-3.10.0-862.2.3.el7.noarch.rpm ppc64le: kernel-debug-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm kernel-debug-devel-3.10.0-862.2.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.2.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-862.2.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: kernel-3.10.0-862.2.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.2.3.el7.noarch.rpm kernel-doc-3.10.0-862.2.3.el7.noarch.rpm x86_64: kernel-3.10.0-862.2.3.el7.x86_64.rpm kernel-debug-3.10.0-862.2.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.2.3.el7.x86_64.rpm kernel-devel-3.10.0-862.2.3.el7.x86_64.rpm kernel-headers-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.2.3.el7.x86_64.rpm perf-3.10.0-862.2.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm python-perf-3.10.0-862.2.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.2.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-16939 https://access.redhat.com/security/cve/CVE-2018-1068 https://access.redhat.com/security/cve/CVE-2018-1087 https://access.redhat.com/security/cve/CVE-2018-1091 https://access.redhat.com/security/cve/CVE-2018-8897 https://access.redhat.com/security/cve/CVE-2018-1000199 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/3431641 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFa8evCXlSAg2UNWIIRArfVAJkBoBiLSeqFIz+baibVTReRFZDjygCff6YB NvzATG53DXsBLux92Ow7M4o= =Sknh -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Intel Architecture (processor architecture) is a CPU specification developed by Intel Corporation for its processor. There are security vulnerabilities in the operating systems of multiple vendors. Systems from the following vendors are affected: Apple; DragonFly BSD Project; FreeBSD Project; Linux Kernel; Microsoft; Red Hat; SUSE Linux; Ubuntu; Vmware; Xen. ========================================================================== Ubuntu Security Notice USN-3641-2 May 08, 2018 linux, linux-lts-trusty vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 ESM Summary: Several security issues were fixed in the Linux kernel. This update provides the corresponding updates for Ubuntu 12.04 ESM. Nick Peterson discovered that the Linux kernel did not properly handle debug exceptions following a MOV/POP to SS instruction. A local attacker could use this to cause a denial of service (system crash). This issue only affected the amd64 architecture. A local attacker in a KVM virtual machine could use this to cause a denial of service (guest VM crash) or possibly escalate privileges inside of the virtual machine. This issue only affected the i386 and amd64 architectures. (CVE-2018-1087) Andy Lutomirski discovered that the Linux kernel did not properly perform error handling on virtualized debug registers. (CVE-2018-1000199) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM: linux-image-3.13.0-147-generic 3.13.0-147.196~precise1 linux-image-3.13.0-147-generic-lpae 3.13.0-147.196~precise1 linux-image-3.2.0-134-generic 3.2.0-134.180 linux-image-3.2.0-134-generic-pae 3.2.0-134.180 linux-image-3.2.0-134-highbank 3.2.0-134.180 linux-image-3.2.0-134-omap 3.2.0-134.180 linux-image-3.2.0-134-powerpc-smp 3.2.0-134.180 linux-image-3.2.0-134-powerpc64-smp 3.2.0-134.180 linux-image-3.2.0-134-virtual 3.2.0-134.180 linux-image-generic 3.2.0.134.149 linux-image-generic-lpae-lts-trusty 3.13.0.147.138 linux-image-generic-lts-trusty 3.13.0.147.138 linux-image-generic-pae 3.2.0.134.149 linux-image-highbank 3.2.0.134.149 linux-image-omap 3.2.0.134.149 linux-image-powerpc 3.2.0.134.149 linux-image-powerpc-smp 3.2.0.134.149 linux-image-powerpc64-smp 3.2.0.134.149 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Includes GlusterFS fixes for CVE-2018-1088, dhcp fixes for CVE-2018-1111, kernel fixes for CVE-2018-1087, and kernel fixes for CVE-2018-8897. A list of bugs fixed in this update is available in the Technical Notes book: https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.2/ht ml/technical_notes/ 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1357247 - rhvh 4: reboot after install shows "4m[terminated]" and takes long to reboot 1374007 - [RFE] RHV-H does not default to LVM Thin Provisioning 1420068 - [RFE] RHV-H should meet NIST 800-53 partitioning requirements by default 1422676 - [Test Only] Test Ansible playbook for registration 1429485 - [RFE] Imgbased layers should be named with '%{name}-%{version}-%{release}' instead of %{name}-%{version} 1433394 - kdump could fill up /var filesystem while writing to /var/crash 1443965 - Libvirt is disabled on RHVH host 1454536 - HostedEngine setup fails if RHV-H timezone < UTC set during installation 1474268 - RHVH host displays "upgrade available" information on the engine after registering until an update is released 1489567 - Host Software tab does not show exact RHVH version anymore 1501161 - The version displays as "4.1" for subscribed product with RHVH 4.2 1502920 - File missing after upgrade of RHVH node from version RHVH-4.1-20170925.0 to latest. 1503148 - [RFE] translate between basic ntp configurations and chrony configurations 1516123 - tuned-adm timeout while adding the host in manager and the deployment will fail/take time to complete 1534855 - RHVH brand is missing on cockpit login screen. 6.7) - i386, ppc64, s390x, x86_64 3. (BZ#1554253) 4. 6.5) - x86_64 3. (BZ#1554256) 4. CVE-2018-1087 Andy Lutomirski discovered that the KVM implementation did not properly handle #DB exceptions while deferred by MOV SS/POP SS, allowing an unprivileged KVM guest user to crash the guest or potentially escalate their privileges. For the oldstable distribution (jessie), these problems have been fixed in version 3.16.56-1+deb8u1. This update includes various fixes for regressions from 3.16.56-1 as released in DSA-4187-1 (Cf. For the stable distribution (stretch), these problems have been fixed in version 4.9.88-1+deb9u1. The fix for CVE-2018-1108 applied in DSA-4188-1 is temporarily reverted due to various regression, cf. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlryHFFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SMQA/9HoJDt2OdyqqtfNUuWfP3sgGV1QVjIJnF39unKRdIaGw9m0RHQUu1G3rC cgxcYcpQ0h10Yy5KVh4APqt55K7aVWVQT6xB0yx2VddMEwwl3rp2r/eL7EtoOkQT zZW5JponzlEAjC9uGk7CouA7z/qFtd5awufFhAjMF5eL4ZQ6pG8wWEbae6DbU9nz c7F+okC4hL6yPuWVEWzTRUFK1W0hs2N+VQgHV/afZaMAAooeZJDJeq1Hn/PVYvwJ IHSOs01+kn0OUFHkVRA7kVdFAYUJlfhsDcXd9nB/lkxhc/HNI1g/dK76mRxjsiMo pJlkPbEmZlOtmNG7vogxEp72ab24j2CITIHiID7ftZH5R/I2CSxp2dIzRVKdmP6P tsfh/KcpUMNwwiPiGed1DMCjtsHOodBOkLtVsoHHJVMZg2xqfCrlqNRUn9o+0DcR gO7HBsWG9K1qvSBWuRtQLT8QP00P3dSdhHmfWyfN8eJxTot+WJuMF/o+jbF6GGrZ lPmzWqg4oL7jvQO8nlEkatjIFejEg0jmt+rCXyEbK8Uc9xjJk35GKIZne5X09BFe 36zY7HbMlPvLP/VHSb6fcPBpQo/HuG0/htAB1HpWS1fPrth1J76g2EmwFSG5Lo51 IRxTXP4UZuOL1sJHQ80220tThKs2dk1Yy77dKk8qQiQ2nC2JgNs= =CskH -----END PGP SIGNATURE----- . CVE-2018-10471 An error was discovered in the mitigations against Meltdown which could result in denial of service. CVE-2018-10472 Anthony Perard discovered that incorrect parsing of CDROM images can result in information disclosure. CVE-2018-10981 Jan Beulich discovered that malformed device models could result in denial of service. CVE-2018-10982 Roger Pau Monne discovered that incorrect handling of high precision event timers could result in denial of service and potentially privilege escalation

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

Design Error

EXPLOIT AVAILABILITY

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2024-11-20T19:37:12.813000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE