CVE-2018-1087: Execution with Unnecessary Privileges in KVM

Severity
NVD: 7.8 HIGH
CNA: 8.0
EPSS: 0.0% (top 91.41%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: May 15
Latest update: May 13

Description

kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions; rather, they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (7 packages)

Debian: linux/linux_kernel < 4.15.17-1 +3
NVD: linux/linux_kernel 4.16, 4.17 +1
CVEListV5: kernel/kvm 5 versions +4

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, Enterprise Linux 7.0, 7.2, 7.3, 7.4, 7.5

🔴 Vulnerability Details (3)

GHSA: GHSA-j658-wqr4-q3w7: kernel KVM before versions kernel 4 (2022-05-13)
CVEList: CVE-2018-1087: kernel KVM before versions kernel 4 (2018-05-15)
OSV: CVE-2018-1087: kernel KVM before versions kernel 4 (2018-05-15)

📋 Vendor Advisories (4)

Ubuntu: Linux kernel vulnerabilities (2018-05-08)
Ubuntu: Linux kernel vulnerabilities (2018-05-08)
Red Hat: Kernel: KVM: error in exception handling leads to wrong debug stack value (2018-05-08)
Debian: CVE-2018-1087: linux - kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel... (2018)

💬 Community (1)

Bugzilla: CVE-2018-1087 Kernel: KVM: error in exception handling leads to wrong debug stack value (2018-04-13)
CVE-2018-1087 — Execution with Unnecessary Privileges | cvebase