Security vulnerability: "POPSS" flaw (CVE-2018-8897).

This document (7022916) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 11

Situation

A new implementation flaw has been identified that is specific to the x86 architecture.
 
The "MOV SS" and "POP SS" instructions on the x86 CPU platform have semantics that differ from other instructions: they delay certain effects until the next instruction.

This includes single-stepping debug exceptions, which are delivered one instruction later than usual. Depending on the instruction that follows, the exception could then be executed at a different privilege level. For example, a SYSCALL instruction directly following one of the above instructions could cause the debug exception to be delivered with root privileges to user code.
 
This could be used to crash the system, or to elevate privileges, depending on existing code patterns.

Resolution

SUSE has released the following updates:

SLES 12 SP3

  • kernel 4.4.126-94.22.1, released Monday, 23rd of April 2018
  • xen-4.9.2_04-3.29.1, released Wednesday, 9th of May 2018

SLES 12 SP2 - LTSS

  • kernel 4.4.121-92.73.1, released Tuesday, 8th of May 2018
  • xen-4.7.5_02-43.30.1, released Friday, 11th of May 2018

SLES 12 SP1 - LTSS

  • kernel 3.12.74-60.64.88.1, released Friday, 11th of May 2018
  • xen-4.5.5_24-22.46.1, released Thursday, 10th of May 2018

SLES 12 GA - LTSS

  • kernel 3.12.61-52.128.1, released Friday, 11th of May 2018
  • xen-4.4.4_30-22.65.1, released Wednesday, 9th of May 2018

SLES 11 SP4

  • kernel 3.0.101-108.41.1, released Tuesday, 8th of May 2018
  • xen-4.4.4_30-61.26.1, released Wednesday, 9th of May 2018

SLES 11 SP3 - LTSS

  • kernel 3.0.101-0.47.106.22.1, released Tuesday, 8th of May 2018
  • xen-4.2.5_21-45.22.1, released Thursday, 10th of May 2018
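To check a fleet against the list above, the following added example (not SUSE's own tooling) compares installed builds with the fixed builds using a simplified rpm-style version ordering. It assumes each installed string is the package's version-release as printed by `rpm -q --qf '%{VERSION}-%{RELEASE}\n'` for the kernel flavor package in use (for example kernel-default) and for xen; the host names and installed builds in SAMPLE are constructed.

```python
import re

# Fixed builds, copied from the Resolution list above.
FIXED = {
    "SLES 12 SP3":        {"kernel": "4.4.126-94.22.1",       "xen": "4.9.2_04-3.29.1"},
    "SLES 12 SP2 - LTSS": {"kernel": "4.4.121-92.73.1",       "xen": "4.7.5_02-43.30.1"},
    "SLES 12 SP1 - LTSS": {"kernel": "3.12.74-60.64.88.1",    "xen": "4.5.5_24-22.46.1"},
    "SLES 12 GA - LTSS":  {"kernel": "3.12.61-52.128.1",      "xen": "4.4.4_30-22.65.1"},
    "SLES 11 SP4":        {"kernel": "3.0.101-108.41.1",      "xen": "4.4.4_30-61.26.1"},
    "SLES 11 SP3 - LTSS": {"kernel": "3.0.101-0.47.106.22.1", "xen": "4.2.5_21-45.22.1"},
}

def rpmvercmp(a, b):
    """Simplified rpm ordering over digit/alpha segments ('~' and '^' not handled)."""
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric compare, so 9 < 22
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment outranks an alpha one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare two 'version-release' strings: version first, then release."""
    (va, _, ra), (vb, _, rb) = a.partition("-"), b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def audit(product, installed):
    """Map each installed package to True when it is at or above the fixed build."""
    return {pkg: evr_cmp(ver, FIXED[product][pkg]) >= 0 for pkg, ver in installed.items()}

# Constructed inventory for illustration; not real hosts or real installed builds.
SAMPLE = [
    ("host-a", "SLES 12 SP3",        {"kernel": "4.4.126-94.22.1", "xen": "4.9.2_02-3.26.1"}),
    ("host-b", "SLES 11 SP4",        {"kernel": "3.0.101-108.38.1"}),
    ("host-c", "SLES 12 SP2 - LTSS", {"kernel": "4.4.121-92.80.1"}),
]

if __name__ == "__main__":
    for host, product, pkgs in SAMPLE:
        for pkg, ok in audit(product, pkgs).items():
            print(f"{host} {product} {pkg} {pkgs[pkg]}: {'fixed' if ok else 'NEEDS UPDATE'}")
```

An installed fixed kernel package only takes effect once the host has booted into it, so pair this check with a comparison against the running kernel.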

Cause

- CVE-2018-8897: The regular Linux kernel could be crashed by local users.
- CVE-2018-8897: A local user in a XEN guest could break out of the hypervisor.
- CVE-2018-1087: A local user in a KVM guest could gain root privilege inside the guest.

Additional Information

All SUSE Linux Enterprise versions are affected by these problems.
 
The issue is fully resolved by the Linux kernel updates (for the Linux kernel and KVM) and the XEN updates (for the XEN part).

Important note:
  • The mitigations for this problem have no performance impact.
  • As this problem is about x86 CPU instructions being insufficiently understood in operating systems and hypervisors, it is independent of the x86 processor revision in use.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID: 7022916
  • Creation Date: 03-May-2018
  • Modified Date: 03-Mar-2020
    • SUSE Linux Enterprise Server
