Security vulnerability: "POPSS" flaw (CVE-2018-8897).

  • 7022916
  • 03-May-2018
  • 17-May-2018

Environment

SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 11

Situation

A new implementation flaw has been identified that is specific to the x86 architecture.

The "MOV SS" and "POP SS" instructions on the x86 CPU platform have semantics that differ from other instructions: certain of their effects are delayed until after the next instruction has executed.

This includes single-step debug exceptions, which are delivered one instruction later than usual. Depending on the instruction that follows, the exception can therefore be delivered at a different privilege level. For example, a SYSCALL instruction directly following one of these instructions causes the debug exception to be delivered with root privileges on behalf of user code.

This could be used to crash the system, or to elevate privileges, depending on existing code patterns.

Resolution

SUSE has released the following updates:

SLES 12 SP3

  • kernel 4.4.126-94.22.1, released Monday, 23rd of April 2018
  • xen-4.9.2_04-3.29.1, released Wednesday, 9th of May 2018

SLES 12 SP2 - LTSS

  • kernel 4.4.121-92.73.1, released Tuesday, 8th of May 2018
  • xen-4.7.5_02-43.30.1, released Friday, 11th of May 2018

SLES 12 SP1 - LTSS

  • kernel 3.12.74-60.64.88.1, released Friday, 11th of May 2018
  • xen-4.5.5_24-22.46.1, released Thursday, 10th of May 2018

SLES 12 GA - LTSS

  • kernel 3.12.61-52.128.1, released Friday, 11th of May 2018
  • xen-4.4.4_30-22.65.1, released Wednesday, 9th of May 2018

SLES 11 SP4

  • kernel 3.0.101-108.41.1, released Tuesday, 8th of May 2018
  • xen-4.4.4_30-61.26.1, released Wednesday, 9th of May 2018

SLES 11 SP3 - LTSS

  • kernel 3.0.101-0.47.106.22.1, released Tuesday, 8th of May 2018
  • xen-4.2.5_21-45.22.1, released Thursday, 10th of May 2018
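The table above is what an administrator has to compare against the kernel and xen packages actually installed. The following POSIX shell script is an added example (it is not a SUSE tool and not part of this TID): it embeds the fixed versions from the table and compares an installed "VERSION-RELEASE" string against them using natural version ordering, so that a release such as 94.22.1 correctly sorts after 94.9.1 where a plain string comparison would not. The product labels (SLES12SP3 and so on), the function names and the rpm query lines at the end are assumptions made for this example; the package names kernel-default and xen are the usual SUSE ones but should be checked on the host.

```shell
#!/bin/sh
# Added example, not SUSE's own tooling: check an installed SUSE kernel or xen
# package version against the fixed version for CVE-2018-8897 listed in the TID.
# Version strings use the "VERSION-RELEASE" form printed by rpm's %{VERSION}-%{RELEASE}.

# Fixed versions copied from the resolution table. Format: "<product>|<package>|<fixed version>".
# The product labels are shorthand chosen for this example.
POPSS_FIXED_VERSIONS='
SLES12SP3|kernel|4.4.126-94.22.1
SLES12SP3|xen|4.9.2_04-3.29.1
SLES12SP2|kernel|4.4.121-92.73.1
SLES12SP2|xen|4.7.5_02-43.30.1
SLES12SP1|kernel|3.12.74-60.64.88.1
SLES12SP1|xen|4.5.5_24-22.46.1
SLES12GA|kernel|3.12.61-52.128.1
SLES12GA|xen|4.4.4_30-22.65.1
SLES11SP4|kernel|3.0.101-108.41.1
SLES11SP4|xen|4.4.4_30-61.26.1
SLES11SP3|kernel|3.0.101-0.47.106.22.1
SLES11SP3|xen|4.2.5_21-45.22.1
'

# popss_fixed_version PRODUCT PACKAGE
# Prints the fixed version for the pair; returns 1 if the pair is not in the table.
popss_fixed_version() {
    printf '%s\n' "$POPSS_FIXED_VERSIONS" |
        awk -F'|' -v p="$1" -v k="$2" '$1 == p && $2 == k { print $3; found = 1 } END { exit !found }'
}

# version_ge A B
# Returns 0 when A >= B in natural (segment-wise numeric) order.
# sort -V is used so that "...-94.22.1" sorts after "...-94.9.1"; a plain
# string comparison would rank "22" below "9".
version_ge() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# popss_check PRODUCT PACKAGE INSTALLED_VERSION
# Prints "fixed" or a "vulnerable ..." line; returns 0 if fixed, 1 if not,
# 2 if the product/package pair is unknown.
popss_check() {
    fixed=$(popss_fixed_version "$1" "$2") || {
        echo "unknown product/package: $1 $2" >&2
        return 2
    }
    if version_ge "$3" "$fixed"; then
        echo "fixed"
        return 0
    fi
    echo "vulnerable (installed $3 < fixed $fixed)"
    return 1
}

# Live use on a SLES host (assumes rpm is available and the usual package names;
# adjust the product label to the host's release):
#   popss_check SLES12SP3 kernel "$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-default)"
#   popss_check SLES12SP3 xen    "$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' xen)"
```

Note that a host running a kernel that is newer than the one listed but not yet rebooted into it is still vulnerable; compare the running kernel (uname -r) with the installed package as well, not just the package database.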

Cause

- CVE-2018-8897: The regular Linux kernel could be crashed by local users.
- CVE-2018-8897: A local user in a XEN guest could break out of the hypervisor.
- CVE-2018-1087: A local user in a KVM guest could gain root privilege inside the guest.

Additional Information

All SUSE Linux Enterprise versions are affected by these problems.

The issue is fully resolved by the Linux kernel updates (which cover both the kernel itself and KVM) and by the Xen updates (which cover the Xen hypervisor).

Important note:
  • The mitigations for this problem have no performance impact.
  • As this problem stems from operating systems and hypervisors mishandling the semantics of these x86 CPU instructions, it is independent of the x86 processor revision in use.
