Debian DSA-4196-1 : linux - security update

high Nessus Plugin ID 109658
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service.

- CVE-2018-1087 Andy Lutomirski discovered that the KVM implementation did not properly handle #DB exceptions while deferred by MOV SS/POP SS, allowing an unprivileged KVM guest user to crash the guest or potentially escalate their privileges.

- CVE-2018-8897 Nick Peterson of Everdox Tech LLC discovered that #DB exceptions that are deferred by MOV SS or POP SS are not properly handled, allowing an unprivileged user to crash the kernel and cause a denial of service.

Solution

Upgrade the linux packages.

For the oldstable distribution (jessie), these problems have been fixed in version 3.16.56-1+deb8u1. This update includes various fixes for regressions from 3.16.56-1 as released in DSA-4187-1 (Cf. #897427, #898067 and #898100).

For the stable distribution (stretch), these problems have been fixed in version 4.9.88-1+deb9u1. The fix for CVE-2018-1108 applied in DSA-4188-1 is temporarily reverted due to various regression, cf.
#897599.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897427

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897599

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898067

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898100

https://security-tracker.debian.org/tracker/CVE-2018-1087

https://security-tracker.debian.org/tracker/CVE-2018-8897

https://security-tracker.debian.org/tracker/CVE-2018-1108

https://security-tracker.debian.org/tracker/source-package/linux

https://packages.debian.org/source/jessie/linux

https://packages.debian.org/source/stretch/linux

https://www.debian.org/security/2018/dsa-4196

Plugin Details

Severity: High

ID: 109658

File Name: debian_DSA-4196.nasl

Version: 1.10

Type: local

Agent: unix

Published: 5/10/2018

Updated: 7/15/2019

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:linux, cpe:/o:debian:debian_linux:8.0, cpe:/o:debian:debian_linux:9.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/8/2018

Vulnerability Publication Date: 5/8/2018

Exploitable With

Metasploit (Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability)

Reference Information

CVE: CVE-2018-1087, CVE-2018-8897

DSA: 4196