CVE-2018-1087

HIGH

kernel <4.16-4.17.3 - Use After Free

Title source: llm

Description

kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest.

References (14)

Core 14

Core References

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:1348

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2018/dsa-4196

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:1347

Issue Tracking x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1087

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1040862

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:1355

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:1345

Third Party Advisory x_refsource_misc

https://access.redhat.com/security/vulnerabilities/pop_ss

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:1318

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:1524

Mailing List x_refsource_misc

http://www.openwall.com/lists/oss-security/2018/05/08/5

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/104127

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3641-2/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3641-1/

Scores

CVSS v3 8.0

EPSS 0.0077

EPSS Percentile 50.8%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-250

Status published

Products (21)

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 17.10

debian/debian_linux 8.0

debian/debian_linux 9.0

linux/linux_kernel 4.16 (2 CPE variants)

linux/linux_kernel 4.17 rc1 (3 CPE variants)

redhat/enterprise_linux 7.0

redhat/enterprise_linux_desktop 7.0

redhat/enterprise_linux_server 7.0

... and 11 more

Published May 15, 2018

Tracked Since Feb 18, 2026