ArchLinux: 201701-32: linux: privilege escalation
Summary
The Linux kernel > 3.6-rc1, when built with Kernel-based Virtual Machine (CONFIG_KVM) support, is vulnerable to an incorrect segment selector (SS) value error. It could occur loading values into SS register in long mode. A user/process inside a guest host could use this flaw to crash the guest, resulting in denial of service, or potentially escalate their privileges inside the guest system on an AMD processor.
Resolution
Upgrade to 4.9.5-1.
# pacman -Syu "linux>=4.9.5-1"
The problem has been fixed upstream in version 4.9.5.
References
https://seclists.org/oss-sec/2017/q1/137 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/ https://security.archlinux.org/CVE-2017-2583
Workaround
None.