Bug 1015703 - (CVE-2016-9588) VUL-0: CVE-2016-9588: kernel: kvm: nVMX: uncaught software exceptions in L1 guest lead to DoS
(CVE-2016-9588)
VUL-0: CVE-2016-9588: kernel: kvm: nVMX: uncaught software exceptions in L1 g...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
CVSSv2:SUSE:CVE-2016-9588:4.9:(AV:L/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-12-15 07:54 UTC by Mikhail Kasimov
Modified: 2020-06-10 07:57 UTC (History)
4 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Mikhail Kasimov 2016-12-15 07:54:48 UTC
Reference: http://seclists.org/oss-sec/2016/q4/684
===================================================
  Hello,

Linux kernel built with the KVM virtualisation support(CONFIG_KVM), with nested virtualisation(nVMX) feature enabled(nested=1), is vulnerable to an uncaught exceptions issue. It could occur if a L2 guest was to throw an exception which is not handled by L1 guest.


A L1 guest user could use this flaw to crash the guest resulting in DoS.

Upstream patch
--------------
  -> https://www.spinics.net/lists/kvm/msg142495.html

'CVE-2016-9588' has been assigned to this issue by Red Hat Inc.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F


===================================================
Comment 1 Swamp Workflow Management 2016-12-15 23:00:16 UTC
bugbot adjusting priority
Comment 2 Marcus Meissner 2016-12-19 10:16:29 UTC
2.6.32 and later probably affected. 2.6.16 does not seem to be affected.
Comment 3 Joerg Roedel 2017-03-24 13:15:12 UTC
Patch already made it to SLE12-SP1, SLE12-SP2, SLE12-SP3, openSUSE 42.1, and openSUSE 42.2 through stable updates.
Comment 4 Joerg Roedel 2017-03-24 13:33:14 UTC
Backported patch to cve/linux-3.12 branch.

cve/linux-3.0 and below are not affected, as these kernels do not have the nested-vmx feature.
Comment 5 Joerg Roedel 2017-03-24 13:37:38 UTC
All affected non-LTSS product kernels have the fix. I backported and pushed it for inclusion to cve/linux-3.12, so it should made it to the LTSS kernels soon too.

Re-assigning to sec-team.
Comment 6 Swamp Workflow Management 2017-05-11 19:09:30 UTC
SUSE-SU-2017:1247-1: An update that solves 25 vulnerabilities and has 10 fixes is now available.

Category: security (important)
Bug References: 1003077,1015703,1021256,1021762,1023377,1023762,1023992,1024938,1025235,1026024,1026722,1026914,1027066,1027149,1027178,1027189,1027190,1028415,1028895,1029986,1030118,1030213,1030901,1031003,1031052,1031440,1031579,1032344,1033336,914939,954763,968697,979215,983212,989056
CVE References: CVE-2015-1350,CVE-2016-10044,CVE-2016-10200,CVE-2016-10208,CVE-2016-2117,CVE-2016-3070,CVE-2016-5243,CVE-2016-7117,CVE-2016-9588,CVE-2017-2671,CVE-2017-5669,CVE-2017-5897,CVE-2017-5970,CVE-2017-5986,CVE-2017-6074,CVE-2017-6214,CVE-2017-6345,CVE-2017-6346,CVE-2017-6348,CVE-2017-6353,CVE-2017-7187,CVE-2017-7261,CVE-2017-7294,CVE-2017-7308,CVE-2017-7616
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    kernel-default-3.12.61-52.72.1, kernel-source-3.12.61-52.72.1, kernel-syms-3.12.61-52.72.1, kernel-xen-3.12.61-52.72.1, kgraft-patch-SLE12_Update_21-1-2.1
SUSE Linux Enterprise Server 12-LTSS (src):    kernel-default-3.12.61-52.72.1, kernel-source-3.12.61-52.72.1, kernel-syms-3.12.61-52.72.1, kernel-xen-3.12.61-52.72.1, kgraft-patch-SLE12_Update_21-1-2.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.61-52.72.1
Comment 7 Swamp Workflow Management 2017-05-19 16:11:59 UTC
SUSE-SU-2017:1360-1: An update that solves 30 vulnerabilities and has 72 fixes is now available.

Category: security (important)
Bug References: 1003077,1008842,1009682,1012620,1012985,1015703,1015787,1015821,1017512,1018100,1018263,1018419,1018446,1019168,1019514,1020048,1020795,1021256,1021374,1021762,1021913,1022559,1022971,1023164,1023207,1023377,1023762,1023824,1023888,1023992,1024081,1024234,1024309,1024508,1024788,1025039,1025235,1025354,1025802,1026024,1026722,1026914,1027066,1027178,1027189,1027190,1027974,1028041,1028415,1028595,1028648,1028895,1029470,1029850,1029986,1030118,1030213,1030593,1030901,1031003,1031052,1031080,1031440,1031567,1031579,1031662,1031842,1032125,1032141,1032344,1032345,1033336,1034670,103470,1034700,1035576,1035699,1035738,1035877,1036752,1038261,799133,857926,914939,917630,922853,930399,931620,937444,940946,954763,968697,970083,971933,979215,982783,983212,984530,985561,988065,989056,993832
CVE References: CVE-2015-1350,CVE-2016-10044,CVE-2016-10200,CVE-2016-10208,CVE-2016-2117,CVE-2016-3070,CVE-2016-5243,CVE-2016-7117,CVE-2016-9191,CVE-2016-9588,CVE-2016-9604,CVE-2017-2647,CVE-2017-2671,CVE-2017-5669,CVE-2017-5897,CVE-2017-5986,CVE-2017-6074,CVE-2017-6214,CVE-2017-6345,CVE-2017-6346,CVE-2017-6348,CVE-2017-6353,CVE-2017-6951,CVE-2017-7187,CVE-2017-7261,CVE-2017-7294,CVE-2017-7308,CVE-2017-7616,CVE-2017-7645,CVE-2017-8106
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    kernel-default-3.12.74-60.64.40.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    kernel-docs-3.12.74-60.64.40.4, kernel-obs-build-3.12.74-60.64.40.1
SUSE Linux Enterprise Server 12-SP1 (src):    kernel-default-3.12.74-60.64.40.1, kernel-source-3.12.74-60.64.40.1, kernel-syms-3.12.74-60.64.40.1, kernel-xen-3.12.74-60.64.40.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.74-60.64.40.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP1_Update_15-1-4.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    kernel-default-3.12.74-60.64.40.1, kernel-source-3.12.74-60.64.40.1, kernel-syms-3.12.74-60.64.40.1, kernel-xen-3.12.74-60.64.40.1
Comment 8 Marcus Meissner 2017-06-23 09:01:38 UTC
released