Important kernel security update: CVE-2018-1087 and other; Virtuozzo ReadyKernel patch 51.1 for Virtuozzo 7.0.3 to 7.0.7 HF2

2018-05-1700:00:00

help.virtuozzo.com

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

26.9%

JSON

The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to all supported Virtuozzo 7.0 kernels.
Vulnerability id: CVE-2018-1087
A flaw was found in how KVM handled exceptions delivered after Mov SS or Pop SS instructions have encountered a breakpoint. As a result, exceptions passed to the guest kernel could have wrong values on the stack. An unprivileged KVM guest user could use this flaw to crash the guest kernel or, potentially, escalate their privileges in the guest system.

Vulnerability id: CVE-2018-1000199
The implementation of ptrace in the kernel does not handle errors correctly when working with the debug registers. As a result, the hardware breakpoints could become corrupted. An unprivileged user could exploit this flaw to crash the kernel resulting in a denial-of-service, or, potentially, to escalate their privileges in the system.

OSVersionArchitecturePackageVersionFilename
Virtuozzo7.0x86_64readykernel-patch-20.18< 51.1-1.vl7readykernel-patch-20.18-51.1-1.vl7.x86_64.rpm
Virtuozzo7.0x86_64readykernel-patch-30.10< 51.1-1.vl7readykernel-patch-30.10-51.1-1.vl7.x86_64.rpm
Virtuozzo7.0x86_64readykernel-patch-30.15< 51.1-1.vl7readykernel-patch-30.15-51.1-1.vl7.x86_64.rpm
Virtuozzo7.0x86_64readykernel-patch-33.22< 51.1-1.vl7readykernel-patch-33.22-51.1-1.vl7.x86_64.rpm
Virtuozzo7.0x86_64readykernel-patch-37.30< 51.1-1.vl7readykernel-patch-37.30-51.1-1.vl7.x86_64.rpm
Virtuozzo7.0x86_64readykernel-patch-40.4< 51.1-1.vl7readykernel-patch-40.4-51.1-1.vl7.x86_64.rpm
Virtuozzo7.0x86_64readykernel-patch-43.10< 51.1-1.vl7readykernel-patch-43.10-51.1-1.vl7.x86_64.rpm
Virtuozzo7.0x86_64readykernel-patch-46.7< 51.1-1.vl7readykernel-patch-46.7-51.1-1.vl7.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
Virtuozzo	7.0	x86_64	readykernel-patch-20.18	< 51.1-1.vl7	readykernel-patch-20.18-51.1-1.vl7.x86_64.rpm
Virtuozzo	7.0	x86_64	readykernel-patch-30.10	< 51.1-1.vl7	readykernel-patch-30.10-51.1-1.vl7.x86_64.rpm
Virtuozzo	7.0	x86_64	readykernel-patch-30.15	< 51.1-1.vl7	readykernel-patch-30.15-51.1-1.vl7.x86_64.rpm
Virtuozzo	7.0	x86_64	readykernel-patch-33.22	< 51.1-1.vl7	readykernel-patch-33.22-51.1-1.vl7.x86_64.rpm
Virtuozzo	7.0	x86_64	readykernel-patch-37.30	< 51.1-1.vl7	readykernel-patch-37.30-51.1-1.vl7.x86_64.rpm
Virtuozzo	7.0	x86_64	readykernel-patch-40.4	< 51.1-1.vl7	readykernel-patch-40.4-51.1-1.vl7.x86_64.rpm
Virtuozzo	7.0	x86_64	readykernel-patch-43.10	< 51.1-1.vl7	readykernel-patch-43.10-51.1-1.vl7.x86_64.rpm
Virtuozzo	7.0	x86_64	readykernel-patch-46.7	< 51.1-1.vl7	readykernel-patch-46.7-51.1-1.vl7.x86_64.rpm