
Debian: DSA-4564-1 Critical Update: Kernel Privilege Escalation

November 12, 2019
Multiple weaknesses affect the Linux kernel, allowing for elevated privileges and potential service disruptions. Applying the patches is recommended.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak.

Summary

CVE-2018-12207

It was discovered that on Intel CPUs supporting hardware
virtualisation with Extended Page Tables (EPT), a guest VM may
manipulate the memory management hardware to cause a Machine Check
Error (MCE) and denial of service (hang or crash).

The guest triggers this error by changing page tables without a
TLB flush, so that both 4 KB and 2 MB entries for the same virtual
address are loaded into the instruction TLB (iTLB). This update
implements a mitigation in KVM that prevents guest VMs from
loading 2 MB entries into the iTLB. This will reduce performance
of guest VMs.

Further information on the mitigation can be found at

or in the linux-doc-4.9 or linux-doc-4.19 package.

A qemu update adding support for the PSCHANGE_MC_NO feature, which
allows iTLB Multihit mitigations to be disabled in nested hypervisors, will be provided via DSA 4566-1.

Intel's explanation of the issue can be found at
.
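
An added example, not part of the Debian advisory: a shell check of whether the running kernel reports the KVM iTLB multihit mitigation described above as active. It assumes the kernel exposes the status in `/sys/devices/system/cpu/vulnerabilities/itlb_multihit` and the KVM `nx_huge_pages` module parameter, as upstream kernels carrying this mitigation do; the function names, output format and exit codes are illustrative.

```shell
#!/bin/sh
# Added example: report whether the kernel says the iTLB multihit
# (CVE-2018-12207) mitigation is active. Function names and exit codes are
# illustrative; the sysfs root is a parameter so a constructed tree can be used.

# Map the text of .../cpu/vulnerabilities/itlb_multihit to a verdict.
classify_itlb_multihit() {
    case "$1" in
        "Not affected"*)   echo "not-affected" ;;
        *"Mitigation:"*)   echo "mitigated" ;;    # e.g. "KVM: Mitigation: Split huge pages"
        *[Vv]ulnerable*)   echo "vulnerable" ;;   # e.g. "KVM: Vulnerable"
        *)                 echo "unknown" ;;
    esac
}

# Exit status: 0 = mitigated or not affected, 1 = vulnerable,
# 2 = kernel does not report the issue (assumed to predate this update) or
#     the status text is not recognised.
check_host() {
    root="${1:-/sys}"
    vuln="$root/devices/system/cpu/vulnerabilities/itlb_multihit"
    param="$root/module/kvm/parameters/nx_huge_pages"

    if [ ! -r "$vuln" ]; then
        echo "status=unreported nx_huge_pages=n/a"
        return 2
    fi

    verdict=$(classify_itlb_multihit "$(cat "$vuln")")

    # KVM's nx_huge_pages parameter is the switch behind the mitigation;
    # it is absent when the kvm module is not loaded.
    nx="n/a"
    if [ -r "$param" ]; then
        nx=$(cat "$param")
    fi

    echo "status=$verdict nx_huge_pages=$nx"
    case "$verdict" in
        mitigated|not-affected) return 0 ;;
        vulnerable)             return 1 ;;
        *)                      return 2 ;;
    esac
}

# Usage on a live host (reads /sys):  check_host
```
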

CVE-2019-0154

Intel discovere...


Severity: critical

Package: linux
CVE ID: CVE-2018-12207 CVE-2019-0154 CVE-2019-0155 CVE-2019-11135
