製品・ソフトウェアに関する情報

JVN脆弱性詳細

Linux Kernel における認可・権限・アクセス制御に関する脆弱性

Title	Linux Kernel における認可・権限・アクセス制御に関する脆弱性
Summary	Linux Kernel には、認可・権限・アクセス制御に関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	May 8, 2018, midnight
Registration Date	July 6, 2018, 6:21 p.m.
Last Update	July 6, 2018, 6:21 p.m.

CVSS3.0 : 重要
Score	7.8
Vector	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2.0 : 警告
Score	4.6
Vector	AV:L/AC:L/Au:N/C:P/I:P/A:P

Affected System

レッドハット

Red Hat Enterprise Linux

Red Hat Enterprise Linux Desktop

Red Hat Enterprise Linux Server

Red Hat Enterprise Linux Server AUS

Red Hat Enterprise Linux Server EUS

Red Hat Enterprise Linux Server TUS

Red Hat Enterprise Linux Workstation

Red Hat Enterprise Virtualization

Debian

Debian GNU/Linux

Canonical

Ubuntu

Linux

Linux Kernel 4.16

Linux Kernel 4.16-rc7

Linux Kernel 4.17-rc1

Linux Kernel 4.17-rc2

Linux Kernel 4.17-rc3

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2018-1087	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1087
National Vulnerability Database (NVD)
2	CVE-2018-1087	https://nvd.nist.gov/vuln/detail/CVE-2018-1087

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
Debian Security Advisory
1	DSA-4196	https://www.debian.org/security/2018/dsa-4196
Linux Kernel
2	Linux Kernel Archives	http://www.kernel.org
Red Hat Bugzilla
3	Bug 1566837	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1087
Red Hat Customer Portal
4	POP SS debug exception - CVE-2018-8897 [Moderate] & CVE-2018-1087 [Important]	https://access.redhat.com/security/vulnerabilities/pop_ss
Red Hat Security Advisory
5	RHSA-2018:1318	https://access.redhat.com/errata/RHSA-2018:1318
6	RHSA-2018:1345	https://access.redhat.com/errata/RHSA-2018:1345
7	RHSA-2018:1347	https://access.redhat.com/errata/RHSA-2018:1347
8	RHSA-2018:1348	https://access.redhat.com/errata/RHSA-2018:1348
9	RHSA-2018:1355	https://access.redhat.com/errata/RHSA-2018:1355
10	RHSA-2018:1524	https://access.redhat.com/errata/RHSA-2018:1524
Ubuntu Security Notice
11	USN-3641-1	https://usn.ubuntu.com/3641-1/
12	USN-3641-2	https://usn.ubuntu.com/3641-2/

Change Log

No	Changed Details	Date of change
1	[2018年07月06日] 掲載	July 6, 2018, 6:21 p.m.

NVD Vulnerability Information

CVE-2018-1087

Summary	kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest.
Publication Date	May 16, 2018, 1:29 a.m.
Registration Date	March 1, 2021, 6:44 p.m.
Last Update	Nov. 21, 2024, 12:59 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel:4.16:::::::*
cpe:2.3:o:linux:linux_kernel:4.17:rc1::::::
cpe:2.3:o:linux:linux_kernel:4.17:rc2::::::
cpe:2.3:o:linux:linux_kernel:4.17:rc3::::::
cpe:2.3:o:linux:linux_kernel:4.16:rc7::::::

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:8.0:::::::*
cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
cpe:2.3:o:redhat:enterprise_linux_virtualization:4.0:::::::*

Related information, measures and tools

No	URL	タグ
1	http://www.openwall.com/lists/oss-security/2018/05/08/5	Mailing List
2	http://www.openwall.com/lists/oss-security/2018/05/08/5	Mailing List
3	http://www.securityfocus.com/bid/104127	Third Party Advisory VDB Entry
4	http://www.securityfocus.com/bid/104127	Third Party Advisory VDB Entry
5	http://www.securitytracker.com/id/1040862	Third Party Advisory VDB Entry
6	http://www.securitytracker.com/id/1040862	Third Party Advisory VDB Entry
7	https://access.redhat.com/errata/RHSA-2018:1318	Third Party Advisory
8	https://access.redhat.com/errata/RHSA-2018:1318	Third Party Advisory
9	https://access.redhat.com/errata/RHSA-2018:1345	Third Party Advisory
10	https://access.redhat.com/errata/RHSA-2018:1345	Third Party Advisory
11	https://access.redhat.com/errata/RHSA-2018:1347	Third Party Advisory
12	https://access.redhat.com/errata/RHSA-2018:1347	Third Party Advisory
13	https://access.redhat.com/errata/RHSA-2018:1348	Third Party Advisory
14	https://access.redhat.com/errata/RHSA-2018:1348	Third Party Advisory
15	https://access.redhat.com/errata/RHSA-2018:1355	Third Party Advisory
16	https://access.redhat.com/errata/RHSA-2018:1355	Third Party Advisory
17	https://access.redhat.com/errata/RHSA-2018:1524	Third Party Advisory
18	https://access.redhat.com/errata/RHSA-2018:1524	Third Party Advisory
19	https://access.redhat.com/security/vulnerabilities/pop_ss	Third Party Advisory
20	https://access.redhat.com/security/vulnerabilities/pop_ss	Third Party Advisory
21	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1087	Issue Tracking
22	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1087	Issue Tracking
23	https://usn.ubuntu.com/3641-1/	Third Party Advisory
24	https://usn.ubuntu.com/3641-1/	Third Party Advisory
25	https://usn.ubuntu.com/3641-2/	Third Party Advisory
26	https://usn.ubuntu.com/3641-2/	Third Party Advisory
27	https://www.debian.org/security/2018/dsa-4196	Third Party Advisory
28	https://www.debian.org/security/2018/dsa-4196	Third Party Advisory

Common Vulnerabilities List

Configuration4	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
cpe:2.3:o:redhat:enterprise_linux_virtualization:4.0:::::::*