Security vulnerability : "POPSS" flaw (CVE-2018-8897).
This document (7022916) is provided subject to the disclaimer at the end of this document.
SUSE Linux Enterprise Server 11
The "MOV SS" and "POP SS" instructions on the x86 CPU platform have some semantics that differ from other instructions, delaying effects until the next instruction.
This includes single stepping debug exceptions which only happens one instruction later than usual which, depending on the instruction following, could then be executed at a different privilege level. e.g. a SYSCALL instruction directly following above instructions could cause the debug exception delivered with a root privileges to user code.
This could be used to crash the system, or to elevate privileges, depending on existing code patterns.
SLES 12 SP3
- kernel 4.4.126-94.22.1, released Monday, 23rd of April 2018
- xen-4.9.2_04-3.29.1, released Wednesday, 9th of May 2018
SLES 12 SP2 - LTSS
- kernel 4.4.121-92.73.1, released Tuesday, 8th of May 2018
- xen-4.7.5_02-43.30.1, released Friday 11th of May 2018
SLES 12 SP1 - LTSS
- kernel 3.12.74-188.8.131.52, released Friday 11th of May 2018
- xen-4.5.5_24-22.46.1, released Thursday 10th of May 2018
SLES 12 GA - LTSS
- kernel 3.12.61-52.128.1, released Friday 11th of May 2018
- xen-4.4.4_30-22.65.1, released Wednesday, 9th of May 2018
SLES 11 SP4
- kernel 3.0.101-108.41.1, released Tuesday, 8th of May 2018
- xen-4.4.4_30-61.26.1, released Wednesday, 9th of May 2018
SLES 11 SP3 - LTSS
- kernel 3.0.101-0.47.106.22.1, released Tuesday, 8th of May 2018
- xen-4.2.5_21-45.22.1, released Thursday 10th of May 2018
- CVE-2018-8897: A local user in a XEN guest could break out of the hypervisor.
- CVE-2018-1087: A local user in a KVM guest could gain root privilege inside the guest.
The issue is fully resolved with Linux Kernel updates for the Linux kernel and KVM, and XEN updates for the XEN part.
Important note :
- The mitigations for this problem have no performance impact.
- As this problem is about insufficiently understood x86 CPU instructions in Operating System and Hypervisors, it is independent of the x86 processor revision in use.
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7022916
- Creation Date: 03-May-2018
- Modified Date:03-Mar-2020
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: email@example.com