Описание
Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP2)
This update for the Linux Kernel 4.4.121-92_92 fixes one issue.
The following security issue was fixed:
- CVE-2018-10853: A KVM guest userspace to guest kernel write was fixed, which could be used by guest users to crash the guest kernel (bsc#1097108).
Список пакетов
SUSE Linux Enterprise Server 12 SP1-LTSS
kgraft-patch-3_12_74-60_64_99-default-2-2.1
kgraft-patch-3_12_74-60_64_99-xen-2-2.1
SUSE Linux Enterprise Server 12 SP2-LTSS
kgraft-patch-4_4_121-92_92-default-2-2.1
SUSE Linux Enterprise Server 12-LTSS
kgraft-patch-3_12_61-52_141-default-2-2.1
kgraft-patch-3_12_61-52_141-xen-2-2.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
kgraft-patch-3_12_74-60_64_99-default-2-2.1
kgraft-patch-3_12_74-60_64_99-xen-2-2.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
kgraft-patch-4_4_121-92_92-default-2-2.1
Ссылки
- Link for SUSE-SU-2018:2684-1
- E-Mail link for SUSE-SU-2018:2684-1
- SUSE Security Ratings
- SUSE Bug 1097108
- SUSE CVE CVE-2018-10853 page
Описание
A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_99-default-2-2.1
SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_99-xen-2-2.1
SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_121-92_92-default-2-2.1
SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_141-default-2-2.1
Ссылки
- CVE-2018-10853
- SUSE Bug 1097104
- SUSE Bug 1097108