Bugzilla – Bug 1097104
VUL-0: CVE-2018-10853: kernel-source: kvm: guest userspace to guest kernel write
Last modified: 2022-03-04 20:43:09 UTC
rh#1589890

A flaw was found in Linux Kernel KVM versions greater than and including 4.10, in which certain instructions such as sgdt/sidt call segmented_write_std, which doesn't propagate access correctly. As such, during a userspace-induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic.

References:
https://patchwork.kernel.org/patch/10449159/
https://bugzilla.redhat.com/show_bug.cgi?id=1589890
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10853
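Added example, not part of the original report and not kernel code: a simplified C model of the access propagation the description refers to, assuming "access" means the privilege level (CPL) of the guest code whose instruction is being emulated. All names, the flag values and the `system` parameter are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not kernel code. Every name below is hypothetical. */
#define ACC_WRITE 0x2u /* the access is a write */
#define ACC_USER  0x4u /* the access was issued by guest code at CPL 3 */

/* Permission bits of one guest page, as a page-table walk would see them. */
struct page { bool writable; bool user; };

/* Permission check of the walk: user-originated accesses need a user page. */
static bool walk_allows(const struct page *pg, uint32_t access)
{
    if ((access & ACC_WRITE) && !pg->writable)
        return false;
    if ((access & ACC_USER) && !pg->user)
        return false;
    return true;
}

/* Flawed form: the guest's privilege level never reaches the walk, so every
 * emulated write is checked as if the guest kernel had issued it. */
static bool write_std_flawed(const struct page *pg, int cpl)
{
    (void)cpl; /* dropped: this is the missing propagation */
    return walk_allows(pg, ACC_WRITE);
}

/* Checked form: CPL 3 adds ACC_USER unless the emulator itself needs the
 * access (system = true, an assumption of this model). */
static bool write_std_checked(const struct page *pg, int cpl, bool system)
{
    uint32_t access = ACC_WRITE;
    if (!system && cpl == 3)
        access |= ACC_USER;
    return walk_allows(pg, access);
}

int main(void)
{
    const struct page kernel_pg = { .writable = true, .user = false };
    /* Constructed case: guest userspace (CPL 3) targets a supervisor page. */
    printf("flawed:  write %s\n",
           write_std_flawed(&kernel_pg, 3) ? "allowed" : "faults");
    printf("checked: write %s\n",
           write_std_checked(&kernel_pg, 3, false) ? "allowed" : "faults");
    return 0;
}
```

In the model, the flawed helper lets a CPL 3 write reach a supervisor-only page, while the checked helper turns the same write into a fault and leaves CPL 0 and user-page writes unaffected.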
Only SLE15 is affected and the upstream patch is still under discussion. I'll take care of that when the patch gets merged.
Upstream fix is: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c9fa24ca7c9c47605672916491f79e8ccacb9e6
(In reply to Joerg Roedel from comment #2)
> Upstream fix is:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c9fa24ca7c9c47605672916491f79e8ccacb9e6

That commit has a Fixes tag, and the commit mentioned there is also in SLE12-SP1/2/3, so these branches are affected too.
Patch status:

SLE15: Fixes pushed and merged
SLE12-SP3: Already fixed through stable-updates (with 4.4.138 patches)
SLE12-SP2-LTSS: Fixes pushed
SLE12-SP1-LTSS: Fixes pushed
This is an autogenerated message for OBS integration: This bug (1097104) was mentioned in https://build.opensuse.org/request/show/629278 15.0 / kernel-source
openSUSE-SU-2018:2407-1: An update that solves 12 vulnerabilities and has 60 fixes is now available. Category: security (important) Bug References: 1065600,1081917,1083647,1086288,1086314,1086315,1086317,1086327,1086331,1086906,1087081,1087092,1089343,1090888,1097104,1097577,1097808,1099811,1099813,1099844,1099845,1099846,1099849,1099863,1099864,1100132,1101116,1101828,1101832,1101833,1101837,1101839,1101841,1101843,1101844,1101845,1101847,1101852,1101853,1101867,1101872,1101874,1101875,1101882,1101883,1101885,1101887,1101890,1101891,1101893,1101895,1101896,1101900,1101902,1101903,1102340,1103097,1103269,1103277,1103363,1103445,1103886,1104066,1104211,1104319,1104353,1104365,1104427,1104494,1104495,1104708,1104777 CVE References: CVE-2018-10853,CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-3620,CVE-2018-3646,CVE-2018-5391 Sources used: openSUSE Leap 15.0 (src): kernel-debug-4.12.14-lp150.12.16.1, kernel-default-4.12.14-lp150.12.16.1, kernel-docs-4.12.14-lp150.12.16.1, kernel-kvmsmall-4.12.14-lp150.12.16.1, kernel-obs-build-4.12.14-lp150.12.16.1, kernel-obs-qa-4.12.14-lp150.12.16.1, kernel-source-4.12.14-lp150.12.16.1, kernel-syms-4.12.14-lp150.12.16.1, kernel-vanilla-4.12.14-lp150.12.16.1
SUSE-SU-2018:2450-1: An update that solves 12 vulnerabilities and has 88 fixes is now available. Category: security (important) Bug References: 1051510,1051979,1065600,1066110,1077761,1081917,1083647,1086274,1086288,1086314,1086315,1086317,1086327,1086331,1086906,1087081,1087092,1089343,1090888,1097104,1097577,1097808,1099811,1099813,1099844,1099845,1099846,1099849,1099858,1099863,1099864,1100132,1101116,1101331,1101669,1101822,1101828,1101832,1101833,1101837,1101839,1101841,1101843,1101844,1101845,1101847,1101852,1101853,1101867,1101872,1101874,1101875,1101882,1101883,1101885,1101887,1101890,1101891,1101893,1101895,1101896,1101900,1101902,1101903,1102633,1102658,1103097,1103269,1103277,1103356,1103363,1103421,1103445,1103517,1103723,1103724,1103725,1103726,1103727,1103728,1103729,1103730,1103886,1103917,1103920,1103948,1103949,1104066,1104111,1104174,1104211,1104319,1104353,1104365,1104427,1104494,1104495,1104708,1104777,1104897 CVE References: CVE-2018-10853,CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-3620,CVE-2018-3646,CVE-2018-5391 Sources used: SUSE Linux Enterprise Module for Public Cloud 15 (src): kernel-azure-4.12.14-5.13.1, kernel-source-azure-4.12.14-5.13.1, kernel-syms-azure-4.12.14-5.13.1
Also backported fixes to SLE12-LTSS and pushed for merging.
All work done here now. Assigning back.
SUSE-SU-2018:2538-1: An update that solves four vulnerabilities and has 52 fixes is now available. Category: security (important) Bug References: 1046305,1046306,1046307,1051510,1065600,1081917,1083647,1086288,1086315,1086317,1086327,1086331,1086906,1087092,1090888,1097104,1097577,1097583,1097584,1097585,1097586,1097587,1097588,1097808,1100132,1101480,1101669,1101822,1102517,1102715,1103269,1103277,1103363,1103445,1103886,1104353,1104365,1104427,1104482,1104494,1104495,1104683,1104708,1104777,1104890,1104897,1105292,1105296,1105322,1105355,1105378,1105396,1105467,1105731,802154,971975 CVE References: CVE-2018-10853,CVE-2018-10902,CVE-2018-15572,CVE-2018-9363 Sources used: SUSE Linux Enterprise Module for Live Patching 15 (src): kernel-default-4.12.14-25.16.1, kernel-livepatch-SLE15_Update_4-1-1.3.1
SUSE-SU-2018:2539-1: An update that solves four vulnerabilities and has 52 fixes is now available. Category: security (important) Bug References: 1046305,1046306,1046307,1051510,1065600,1081917,1083647,1086288,1086315,1086317,1086327,1086331,1086906,1087092,1090888,1097104,1097577,1097583,1097584,1097585,1097586,1097587,1097588,1097808,1100132,1101480,1101669,1101822,1102517,1102715,1103269,1103277,1103363,1103445,1103886,1104353,1104365,1104427,1104482,1104494,1104495,1104683,1104708,1104777,1104890,1104897,1105292,1105296,1105322,1105355,1105378,1105396,1105467,1105731,802154,971975 CVE References: CVE-2018-10853,CVE-2018-10902,CVE-2018-15572,CVE-2018-9363 Sources used: SUSE Linux Enterprise Workstation Extension 15 (src): kernel-default-4.12.14-25.16.1 SUSE Linux Enterprise Module for Legacy Software 15 (src): kernel-default-4.12.14-25.16.1 SUSE Linux Enterprise Module for Development Tools 15 (src): kernel-docs-4.12.14-25.16.1, kernel-obs-build-4.12.14-25.16.1, kernel-source-4.12.14-25.16.1, kernel-syms-4.12.14-25.16.1, kernel-vanilla-4.12.14-25.16.1, lttng-modules-2.10.0-5.6.1 SUSE Linux Enterprise Module for Basesystem 15 (src): kernel-default-4.12.14-25.16.1, kernel-source-4.12.14-25.16.1, kernel-zfcpdump-4.12.14-25.16.1 SUSE Linux Enterprise High Availability 15 (src): kernel-default-4.12.14-25.16.1
done
SUSE-SU-2018:2908-1: An update that solves 19 vulnerabilities and has 19 fixes is now available. Category: security (important) Bug References: 1012382,1024788,1062604,1064233,1065999,1090534,1090955,1091171,1092903,1096547,1097104,1097108,1099811,1099813,1099844,1099845,1099846,1099849,1099863,1099864,1099922,1100001,1102870,1103445,1104319,1104495,1104818,1104906,1105100,1105322,1105323,1105396,1106095,1106369,1106509,1106511,1107689,1108912 CVE References: CVE-2018-10853,CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-10902,CVE-2018-10940,CVE-2018-12896,CVE-2018-13093,CVE-2018-14617,CVE-2018-14634,CVE-2018-16276,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555 Sources used: SUSE Linux Enterprise Server 12-SP1-LTSS (src): kernel-default-3.12.74-60.64.104.1, kernel-source-3.12.74-60.64.104.1, kernel-syms-3.12.74-60.64.104.1, kernel-xen-3.12.74-60.64.104.1 SUSE Linux Enterprise Module for Public Cloud 12 (src): kernel-ec2-3.12.74-60.64.104.1
SUSE-SU-2018:3083-1: An update that solves 20 vulnerabilities and has 13 fixes is now available. Category: security (important) Bug References: 1012382,1062604,1064232,1065999,1092903,1093215,1096547,1097104,1099811,1099813,1099844,1099845,1099846,1099849,1099863,1099864,1099922,1100001,1100089,1102870,1103445,1104319,1104495,1104906,1105322,1105412,1106095,1106369,1106509,1106511,1107689,1108399,1108912 CVE References: CVE-2018-10853,CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-10902,CVE-2018-10940,CVE-2018-12896,CVE-2018-13093,CVE-2018-14617,CVE-2018-14634,CVE-2018-16276,CVE-2018-16658,CVE-2018-17182,CVE-2018-6554,CVE-2018-6555 Sources used: SUSE Linux Enterprise Server 12-LTSS (src): kernel-default-3.12.61-52.146.1, kernel-source-3.12.61-52.146.1, kernel-syms-3.12.61-52.146.1, kernel-xen-3.12.61-52.146.1, kgraft-patch-SLE12_Update_38-1-1.5.1 SUSE Linux Enterprise Module for Public Cloud 12 (src): kernel-ec2-3.12.61-52.146.1
SUSE-SU-2018:3084-1: An update that solves 28 vulnerabilities and has 28 fixes is now available. Category: security (important) Bug References: 1012382,1042286,1062604,1064232,1065364,1082519,1082863,1084536,1085042,1088810,1089066,1092903,1094466,1095344,1096547,1097104,1099597,1099811,1099813,1099844,1099845,1099846,1099849,1099863,1099864,1099922,1099993,1099999,1100000,1100001,1100152,1102517,1102715,1102870,1103445,1104319,1104495,1105292,1105296,1105322,1105348,1105396,1105536,1106016,1106095,1106369,1106509,1106511,1106512,1106594,1107689,1107735,1107966,1108239,1108399,1109333 CVE References: CVE-2018-10853,CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-10902,CVE-2018-10938,CVE-2018-10940,CVE-2018-12896,CVE-2018-13093,CVE-2018-13094,CVE-2018-13095,CVE-2018-14617,CVE-2018-14678,CVE-2018-15572,CVE-2018-15594,CVE-2018-16276,CVE-2018-16658,CVE-2018-17182,CVE-2018-6554,CVE-2018-6555,CVE-2018-7480,CVE-2018-7757,CVE-2018-9363 Sources used: SUSE OpenStack Cloud 7 (src): kernel-default-4.4.121-92.95.1, kernel-source-4.4.121-92.95.1, kernel-syms-4.4.121-92.95.1, kgraft-patch-SLE12-SP2_Update_25-1-3.4.1, lttng-modules-2.7.1-9.6.1 SUSE Linux Enterprise Server for SAP 12-SP2 (src): kernel-default-4.4.121-92.95.1, kernel-source-4.4.121-92.95.1, kernel-syms-4.4.121-92.95.1, kgraft-patch-SLE12-SP2_Update_25-1-3.4.1, lttng-modules-2.7.1-9.6.1 SUSE Linux Enterprise Server 12-SP2-LTSS (src): kernel-default-4.4.121-92.95.1, kernel-source-4.4.121-92.95.1, kernel-syms-4.4.121-92.95.1, kgraft-patch-SLE12-SP2_Update_25-1-3.4.1, lttng-modules-2.7.1-9.6.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): kernel-default-4.4.121-92.95.1, kernel-source-4.4.121-92.95.1, kernel-syms-4.4.121-92.95.1, lttng-modules-2.7.1-9.6.1 SUSE Linux Enterprise High Availability 12-SP2 (src): kernel-default-4.4.121-92.95.1 SUSE Enterprise Storage 4 (src): kernel-default-4.4.121-92.95.1, kernel-source-4.4.121-92.95.1, 
kernel-syms-4.4.121-92.95.1, kgraft-patch-SLE12-SP2_Update_25-1-3.4.1, lttng-modules-2.7.1-9.6.1 OpenStack Cloud Magnum Orchestration 7 (src): kernel-default-4.4.121-92.95.1
SUSE-SU-2018:2908-2: An update that solves 19 vulnerabilities and has 19 fixes is now available. Category: security (important) Bug References: 1012382,1024788,1062604,1064233,1065999,1090534,1090955,1091171,1092903,1096547,1097104,1097108,1099811,1099813,1099844,1099845,1099846,1099849,1099863,1099864,1099922,1100001,1102870,1103445,1104319,1104495,1104818,1104906,1105100,1105322,1105323,1105396,1106095,1106369,1106509,1106511,1107689,1108912 CVE References: CVE-2018-10853,CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-10902,CVE-2018-10940,CVE-2018-12896,CVE-2018-13093,CVE-2018-14617,CVE-2018-14634,CVE-2018-16276,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555 Sources used: SUSE Linux Enterprise Server for SAP 12-SP1 (src): kernel-default-3.12.74-60.64.104.1, kernel-source-3.12.74-60.64.104.1, kernel-syms-3.12.74-60.64.104.1, kernel-xen-3.12.74-60.64.104.1, kgraft-patch-SLE12-SP1_Update_31-1-2.5.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:1245-1: An update that solves 10 vulnerabilities and has 65 fixes is now available. Category: security (important) Bug References: 1012382,1020645,1020989,1031492,1047487,1051510,1053043,1062056,1063638,1066223,1070872,1085539,1087092,1094244,1096480,1096728,1097104,1100132,1105348,1106110,1106913,1106929,1111331,1112178,1113399,1114542,1114638,1114648,1114893,1118338,1118506,1119086,1120902,1122822,1125580,1126356,1127445,1129278,1129326,1129770,1130130,1130343,1130344,1130345,1130346,1130347,1130356,1130425,1130567,1130737,1131107,1131416,1131427,1131587,1131659,1131857,1131900,1131934,1131935,1131980,1132227,1132534,1132589,1132618,1132619,1132634,1132635,1132636,1132637,1132638,1132727,1132828,1133308,1133584,994770 CVE References: CVE-2018-1000204,CVE-2018-10853,CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2018-15594,CVE-2018-5814,CVE-2019-11091,CVE-2019-3882,CVE-2019-9503 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP3 (src): kernel-default-4.4.178-94.91.2 SUSE Linux Enterprise Software Development Kit 12-SP3 (src): kernel-docs-4.4.178-94.91.2, kernel-obs-build-4.4.178-94.91.1 SUSE Linux Enterprise Server 12-SP3 (src): kernel-default-4.4.178-94.91.2, kernel-source-4.4.178-94.91.1, kernel-syms-4.4.178-94.91.1 SUSE Linux Enterprise High Availability 12-SP3 (src): kernel-default-4.4.178-94.91.2 SUSE Linux Enterprise Desktop 12-SP3 (src): kernel-default-4.4.178-94.91.2, kernel-source-4.4.178-94.91.1, kernel-syms-4.4.178-94.91.1 SUSE CaaS Platform ALL (src): kernel-default-4.4.178-94.91.2 SUSE CaaS Platform 3.0 (src): kernel-default-4.4.178-94.91.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:1245-1: An update that solves 10 vulnerabilities and has 65 fixes is now available. Category: security (important) Bug References: 1012382,1020645,1020989,1031492,1047487,1051510,1053043,1062056,1063638,1066223,1070872,1085539,1087092,1094244,1096480,1096728,1097104,1100132,1105348,1106110,1106913,1106929,1111331,1112178,1113399,1114542,1114638,1114648,1114893,1118338,1118506,1119086,1120902,1122822,1125580,1126356,1127445,1129278,1129326,1129770,1130130,1130343,1130344,1130345,1130346,1130347,1130356,1130425,1130567,1130737,1131107,1131416,1131427,1131587,1131659,1131857,1131900,1131934,1131935,1131980,1132227,1132534,1132589,1132618,1132619,1132634,1132635,1132636,1132637,1132638,1132727,1132828,1133308,1133584,994770 CVE References: CVE-2018-1000204,CVE-2018-10853,CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2018-15594,CVE-2018-5814,CVE-2019-11091,CVE-2019-3882,CVE-2019-9503 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP3 (src): kernel-default-4.4.178-94.91.2 SUSE Linux Enterprise Software Development Kit 12-SP3 (src): kernel-docs-4.4.178-94.91.2, kernel-obs-build-4.4.178-94.91.1 SUSE Linux Enterprise Server 12-SP3 (src): kernel-default-4.4.178-94.91.2, kernel-source-4.4.178-94.91.1, kernel-syms-4.4.178-94.91.1 SUSE Linux Enterprise Live Patching 12-SP3 (src): kgraft-patch-SLE12-SP3_Update_25-1-4.3.1 SUSE Linux Enterprise High Availability 12-SP3 (src): kernel-default-4.4.178-94.91.2 SUSE Linux Enterprise Desktop 12-SP3 (src): kernel-default-4.4.178-94.91.2, kernel-source-4.4.178-94.91.1, kernel-syms-4.4.178-94.91.1 SUSE CaaS Platform ALL (src): kernel-default-4.4.178-94.91.2 SUSE CaaS Platform 3.0 (src): kernel-default-4.4.178-94.91.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:1407-1: An update that solves 14 vulnerabilities and has 90 fixes is now available. Category: security (important) Bug References: 1012382,1020645,1020989,1031492,1047487,1051510,1053043,1062056,1063638,1064388,1066223,1070872,1085539,1087092,1094244,1096480,1096728,1097104,1100132,1103186,1105348,1106110,1106913,1106929,1108293,1110785,1110946,1111331,1112063,1112178,1113399,1114542,1114638,1114648,1114893,1116803,1118338,1118506,1119086,1119974,1120902,1122776,1122822,1125580,1126040,1126356,1127445,1129138,1129278,1129326,1129770,1130130,1130343,1130344,1130345,1130346,1130347,1130356,1130425,1130567,1130737,1130972,1131107,1131416,1131427,1131488,1131587,1131659,1131857,1131900,1131934,1131935,1131980,1132212,1132227,1132534,1132589,1132618,1132619,1132634,1132635,1132636,1132637,1132638,1132727,1132828,1133188,1133308,1133584,1134160,1134162,1134537,1134564,1134565,1134566,1134651,1134760,1134848,1135013,1135014,1135015,1135100,843419,994770 CVE References: CVE-2018-1000204,CVE-2018-10853,CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2018-15594,CVE-2018-17972,CVE-2018-5814,CVE-2019-11091,CVE-2019-11486,CVE-2019-11815,CVE-2019-11884,CVE-2019-3882,CVE-2019-9503 Sources used: openSUSE Leap 42.3 (src): kernel-debug-4.4.179-99.1, kernel-default-4.4.179-99.1, kernel-docs-4.4.179-99.1, kernel-obs-build-4.4.179-99.1, kernel-obs-qa-4.4.179-99.1, kernel-source-4.4.179-99.1, kernel-syms-4.4.179-99.1, kernel-vanilla-4.4.179-99.1