A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag (TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception (#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this.
http://www.openwall.com/lists/oss-security/2017/06/23/5
http://www.securityfocus.com/bid/99263
http://www.securitytracker.com/id/1038782
https://access.redhat.com/articles/3290921
https://access.redhat.com/errata/RHSA-2018:0395
https://access.redhat.com/errata/RHSA-2018:0412
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518
https://usn.ubuntu.com/3619-1/
https://usn.ubuntu.com/3619-2/
https://usn.ubuntu.com/3754-1/
Source: MITRE
Published: 2018-07-30
Updated: 2019-10-09
Type: CWE-755
CVSS v2 Base Score: 4.6
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 3.9
Severity: MEDIUM
CVSS v3.0 Base Score: 7.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 1.8
Severity: HIGH
OR
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
OR
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
130736 | EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2274) | Nessus | Huawei Local Security Checks | critical |
127165 | NewStart CGSL MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0014) | Nessus | NewStart CGSL Local Security Checks | high |
124953 | EulerOS Virtualization 3.0.1.0 : kvm (EulerOS-SA-2019-1450) | Nessus | Huawei Local Security Checks | medium |
124834 | EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1512) | Nessus | Huawei Local Security Checks | high |
121997 | Photon OS 2.0: Linux PHSA-2018-2.0-0101 | Nessus | PhotonOS Local Security Checks | high |
119423 | Photon OS 2.0: Linux PHSA-2018-2.0-0101 (deprecated) | Nessus | PhotonOS Local Security Checks | high |
112113 | Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3754-1) | Nessus | Ubuntu Local Security Checks | high |
109158 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0035) (Dirty COW) (Meltdown) (Spectre) | Nessus | OracleVM Local Security Checks | high |
109156 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4071) (Dirty COW) (Meltdown) (Spectre) | Nessus | Oracle Linux Local Security Checks | high |
109114 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0033) | Nessus | OracleVM Local Security Checks | high |
109008 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4062) | Nessus | Oracle Linux Local Security Checks | high |
108878 | Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3619-2) | Nessus | Ubuntu Local Security Checks | high |
108842 | Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3619-1) | Nessus | Ubuntu Local Security Checks | high |
107271 | CentOS 7 : kernel (CESA-2018:0395) | Nessus | CentOS Local Security Checks | medium |
107210 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20180306) | Nessus | Scientific Linux Local Security Checks | medium |
107203 | Oracle Linux 7 : kernel (ELSA-2018-0395) | Nessus | Oracle Linux Local Security Checks | medium |
107189 | RHEL 7 : kernel-rt (RHSA-2018:0412) | Nessus | Red Hat Local Security Checks | medium |
107186 | RHEL 7 : kernel (RHSA-2018:0395) | Nessus | Red Hat Local Security Checks | medium |
104374 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2920-1) (KRACK) (Stack Clash) | Nessus | SuSE Local Security Checks | critical |
104271 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2908-1) (KRACK) (Stack Clash) | Nessus | SuSE Local Security Checks | critical |
104253 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2869-1) (KRACK) | Nessus | SuSE Local Security Checks | high |
103365 | Debian DSA-3981-1 : linux - security update (BlueBorne) (Stack Clash) | Nessus | Debian Local Security Checks | high |
101348 | openSUSE Security Update : the Linux Kernel (openSUSE-2017-798) (Stack Clash) | Nessus | SuSE Local Security Checks | high |