Lucene search

K
virtuozzoVirtuozzoVZA-2018-030
HistoryMay 17, 2018 - 12:00 a.m.

Important kernel security update: CVE-2018-1087 and other; Virtuozzo ReadyKernel patch 51.1 for Virtuozzo 7.0.3 to 7.0.7 HF2

2018-05-1700:00:00
help.virtuozzo.com
34

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

28.2%

The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to all supported Virtuozzo 7.0 kernels.
Vulnerability id: CVE-2018-1087
A flaw was found in how KVM handled exceptions delivered after Mov SS or Pop SS instructions have encountered a breakpoint. As a result, exceptions passed to the guest kernel could have wrong values on the stack. An unprivileged KVM guest user could use this flaw to crash the guest kernel or, potentially, escalate their privileges in the guest system.

Vulnerability id: CVE-2018-1000199
The implementation of ptrace in the kernel does not handle errors correctly when working with the debug registers. As a result, the hardware breakpoints could become corrupted. An unprivileged user could exploit this flaw to crash the kernel resulting in a denial-of-service, or, potentially, to escalate their privileges in the system.

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

28.2%