Improper check or handling of exceptional conditions in Linux kernel - CVE-2018-1087

 


Published: May 10, 2018


Vulnerability identifier: #VU12520
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-1087
CWE-ID: CWE-703
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows an adjacent attacker to cause a denial-of-service (DoS) condition or gain elevated privileges on the target system.

The weakness exists in the Linux kernel KVM hypervisor due to improper handling of debug exceptions delivered after a stack switch operation performed via the mov SS or pop SS instructions. During the stack switch operation, the exceptions are deferred. An adjacent attacker can cause the service to crash or gain root privileges.

How to mitigate CVE-2018-1087

Update to version 4.16-rc7.
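
The following check is an added example, not part of the original advisory: it compares a kernel release string against the fixed version 4.16-rc7 named above and reports whether /dev/kvm is present on the host. The function and variable names are hypothetical and the release strings in the comments are constructed; distribution kernels often carry backported fixes under older version numbers, so an "earlier" result means the vendor advisory for that kernel package still has to be consulted.

```shell
#!/bin/sh
# Added example: compare a kernel release string with 4.16-rc7, the fixed
# version named in this advisory. All names here are hypothetical.

# Returns 0 if the release is 4.16-rc7 or later, 1 if earlier,
# 2 if the string cannot be parsed.
kernel_has_fix() {
    k_rel=$1
    # Extract "major minor" from the leading X.Y of the release string.
    k_ver=$(printf '%s\n' "$k_rel" |
        sed -n 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$k_ver" ] || return 2
    k_major=${k_ver% *}
    k_minor=${k_ver#* }
    # Extract N from an optional -rcN suffix (constructed samples:
    # "4.16-rc7", "4.16.0-rc6+"). Empty for release and stable kernels.
    k_rc=$(printf '%s\n' "$k_rel" |
        sed -n 's/^[0-9][0-9]*\.[0-9][0-9]*\(\.[0-9][0-9]*\)\{0,1\}-rc\([0-9][0-9]*\).*/\2/p')

    [ "$k_major" -gt 4 ] && return 0
    [ "$k_major" -lt 4 ] && return 1
    [ "$k_minor" -gt 16 ] && return 0
    [ "$k_minor" -lt 16 ] && return 1
    # Exactly 4.16: release candidates before rc7 predate the fix.
    [ -z "$k_rc" ] && return 0
    [ "$k_rc" -ge 7 ]
}

# Report for the running host.
host_rel=$(uname -r)
host_st=0
kernel_has_fix "$host_rel" || host_st=$?
case $host_st in
    0) echo "$host_rel: at or after 4.16-rc7" ;;
    1) echo "$host_rel: earlier than 4.16-rc7, check vendor backports" ;;
    *) echo "$host_rel: unrecognised release string" ;;
esac
# The weakness is in KVM, so note whether the host exposes it.
if [ -e /dev/kvm ]; then
    echo "/dev/kvm present: KVM is available on this host"
else
    echo "/dev/kvm absent: KVM does not appear to be in use"
fi
```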
