KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability to run code in kernel space of a guest VM can cause the host kernel to panic. According to the reporter, two commits introduced the vulnerability: f024ee098476 ("KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures") and 87a11bb6a7f7 ("KVM: PPC: Book3S HV: Work around XER[SO] bug in fake suspend mode"). The former landed in 4.8, the latter in 4.17. The issue was fixed in 4.18, without its security impact being realized at the time, by the following three commits, though it is believed that only the first is strictly necessary: 6f597c6b63b6 ("KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm()"), 7b0e827c6970 ("KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm"), and 009c872a8bc4 ("KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file").
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "linux-image-4.15.0-96-generic-lpae-dbgsym": "4.15.0-96.97~16.04.1", "linux-image-4.15.0-96-lowlatency-dbgsym": "4.15.0-96.97~16.04.1", "linux-image-4.15.0-96-lowlatency": "4.15.0-96.97~16.04.1", "fs-secondary-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "pcmcia-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "dasd-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "linux-hwe-udebs-generic-lpae": "4.15.0-96.97~16.04.1", "linux-image-unsigned-4.15.0-96-generic-dbgsym": "4.15.0-96.97~16.04.1", "virtio-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "linux-buildinfo-4.15.0-96-generic": "4.15.0-96.97~16.04.1", "linux-modules-extra-4.15.0-96-generic": "4.15.0-96.97~16.04.1", "floppy-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "fat-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97~16.04.1", "irda-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97~16.04.1", "multipath-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97~16.04.1", "pata-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "linux-tools-4.15.0-96-generic": "4.15.0-96.97~16.04.1", "linux-modules-4.15.0-96-lowlatency": "4.15.0-96.97~16.04.1", "multipath-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "nic-shared-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "plip-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "vlan-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97~16.04.1", "linux-image-unsigned-4.15.0-96-generic": "4.15.0-96.97~16.04.1", "usb-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97~16.04.1", "linux-tools-4.15.0-96-generic-lpae": "4.15.0-96.97~16.04.1", "serial-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "nic-usb-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "nfs-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97~16.04.1", "nic-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "usb-modules-4.15.0-96-generic-di": 
"4.15.0-96.97~16.04.1", "sata-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "nic-usb-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97~16.04.1", "block-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97~16.04.1", "kernel-image-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "ipmi-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "linux-cloud-tools-4.15.0-96-generic": "4.15.0-96.97~16.04.1", "nic-pcmcia-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "input-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97~16.04.1", "fs-core-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97~16.04.1", "ipmi-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97~16.04.1", "parport-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97~16.04.1", "md-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97~16.04.1", "linux-headers-4.15.0-96-generic": "4.15.0-96.97~16.04.1", "linux-modules-4.15.0-96-generic": "4.15.0-96.97~16.04.1", "firewire-core-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "sata-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97~16.04.1", "linux-modules-4.15.0-96-generic-lpae": "4.15.0-96.97~16.04.1", "block-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "linux-buildinfo-4.15.0-96-generic-lpae": "4.15.0-96.97~16.04.1", "linux-hwe-udebs-generic": "4.15.0-96.97~16.04.1", "fat-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "linux-image-unsigned-4.15.0-96-lowlatency-dbgsym": "4.15.0-96.97~16.04.1", "linux-image-4.15.0-96-generic": "4.15.0-96.97~16.04.1", "dasd-extra-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "message-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "linux-tools-4.15.0-96-lowlatency": "4.15.0-96.97~16.04.1", "linux-cloud-tools-4.15.0-96-lowlatency": "4.15.0-96.97~16.04.1", "linux-source-4.15.0": "4.15.0-96.97~16.04.1", "linux-hwe-tools-4.15.0-96": "4.15.0-96.97~16.04.1", "crypto-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "fs-core-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", 
"linux-headers-4.15.0-96-generic-lpae": "4.15.0-96.97~16.04.1", "nfs-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "nic-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97~16.04.1", "nic-shared-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97~16.04.1", "parport-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "scsi-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "crypto-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97~16.04.1", "linux-image-4.15.0-96-generic-dbgsym": "4.15.0-96.97~16.04.1", "linux-headers-4.15.0-96": "4.15.0-96.97~16.04.1", "mouse-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "ppp-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97~16.04.1", "storage-core-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "kernel-image-4.15.0-96-generic-lpae-di": "4.15.0-96.97~16.04.1", "vlan-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "linux-image-4.15.0-96-generic-lpae": "4.15.0-96.97~16.04.1", "storage-core-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97~16.04.1", "fs-secondary-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97~16.04.1", "linux-buildinfo-4.15.0-96-lowlatency": "4.15.0-96.97~16.04.1", "scsi-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97~16.04.1", "pcmcia-storage-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "ppp-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "md-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "input-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "linux-image-unsigned-4.15.0-96-lowlatency": "4.15.0-96.97~16.04.1", "linux-headers-4.15.0-96-lowlatency": "4.15.0-96.97~16.04.1", "fb-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1", "mouse-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97~16.04.1", "plip-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97~16.04.1", "linux-hwe-cloud-tools-4.15.0-96": "4.15.0-96.97~16.04.1", "irda-modules-4.15.0-96-generic-di": "4.15.0-96.97~16.04.1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "linux-image-4.15.0-96-generic-lpae-dbgsym": "4.15.0-96.97", "linux-image-4.15.0-96-lowlatency-dbgsym": "4.15.0-96.97", "linux-image-4.15.0-96-lowlatency": "4.15.0-96.97", "fs-secondary-modules-4.15.0-96-generic-di": "4.15.0-96.97", "pcmcia-modules-4.15.0-96-generic-di": "4.15.0-96.97", "dasd-modules-4.15.0-96-generic-di": "4.15.0-96.97", "linux-image-unsigned-4.15.0-96-generic-dbgsym": "4.15.0-96.97", "virtio-modules-4.15.0-96-generic-di": "4.15.0-96.97", "linux-tools-4.15.0-96": "4.15.0-96.97", "linux-udebs-generic": "4.15.0-96.97", "linux-buildinfo-4.15.0-96-generic": "4.15.0-96.97", "linux-modules-extra-4.15.0-96-generic": "4.15.0-96.97", "floppy-modules-4.15.0-96-generic-di": "4.15.0-96.97", "fat-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97", "irda-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97", "multipath-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97", "pata-modules-4.15.0-96-generic-di": "4.15.0-96.97", "linux-tools-4.15.0-96-generic": "4.15.0-96.97", "linux-modules-4.15.0-96-lowlatency": "4.15.0-96.97", "multipath-modules-4.15.0-96-generic-di": "4.15.0-96.97", "nic-shared-modules-4.15.0-96-generic-di": "4.15.0-96.97", "plip-modules-4.15.0-96-generic-di": "4.15.0-96.97", "vlan-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97", "linux-image-unsigned-4.15.0-96-generic": "4.15.0-96.97", "usb-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97", "linux-tools-4.15.0-96-generic-lpae": "4.15.0-96.97", "serial-modules-4.15.0-96-generic-di": "4.15.0-96.97", "nic-usb-modules-4.15.0-96-generic-di": "4.15.0-96.97", "nfs-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97", "nic-modules-4.15.0-96-generic-di": "4.15.0-96.97", "usb-modules-4.15.0-96-generic-di": "4.15.0-96.97", "sata-modules-4.15.0-96-generic-di": "4.15.0-96.97", "nic-usb-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97", "block-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97", 
"kernel-image-4.15.0-96-generic-di": "4.15.0-96.97", "ipmi-modules-4.15.0-96-generic-di": "4.15.0-96.97", "linux-cloud-tools-4.15.0-96-generic": "4.15.0-96.97", "nic-pcmcia-modules-4.15.0-96-generic-di": "4.15.0-96.97", "input-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97", "fs-core-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97", "ipmi-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97", "parport-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97", "md-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97", "linux-headers-4.15.0-96-generic": "4.15.0-96.97", "linux-modules-4.15.0-96-generic": "4.15.0-96.97", "firewire-core-modules-4.15.0-96-generic-di": "4.15.0-96.97", "sata-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97", "block-modules-4.15.0-96-generic-di": "4.15.0-96.97", "linux-modules-4.15.0-96-generic-lpae": "4.15.0-96.97", "linux-buildinfo-4.15.0-96-generic-lpae": "4.15.0-96.97", "message-modules-4.15.0-96-generic-di": "4.15.0-96.97", "fat-modules-4.15.0-96-generic-di": "4.15.0-96.97", "linux-image-4.15.0-96-generic": "4.15.0-96.97", "linux-image-unsigned-4.15.0-96-lowlatency-dbgsym": "4.15.0-96.97", "dasd-extra-modules-4.15.0-96-generic-di": "4.15.0-96.97", "linux-tools-4.15.0-96-lowlatency": "4.15.0-96.97", "linux-cloud-tools-4.15.0-96-lowlatency": "4.15.0-96.97", "linux-source-4.15.0": "4.15.0-96.97", "linux-cloud-tools-common": "4.15.0-96.97", "crypto-modules-4.15.0-96-generic-di": "4.15.0-96.97", "linux-libc-dev": "4.15.0-96.97", "fs-core-modules-4.15.0-96-generic-di": "4.15.0-96.97", "linux-headers-4.15.0-96-generic-lpae": "4.15.0-96.97", "linux-doc": "4.15.0-96.97", "nic-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97", "nic-shared-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97", "parport-modules-4.15.0-96-generic-di": "4.15.0-96.97", "nfs-modules-4.15.0-96-generic-di": "4.15.0-96.97", "scsi-modules-4.15.0-96-generic-di": "4.15.0-96.97", "crypto-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97", "linux-image-4.15.0-96-generic-dbgsym": 
"4.15.0-96.97", "linux-cloud-tools-4.15.0-96": "4.15.0-96.97", "linux-headers-4.15.0-96": "4.15.0-96.97", "mouse-modules-4.15.0-96-generic-di": "4.15.0-96.97", "ppp-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97", "storage-core-modules-4.15.0-96-generic-di": "4.15.0-96.97", "kernel-image-4.15.0-96-generic-lpae-di": "4.15.0-96.97", "vlan-modules-4.15.0-96-generic-di": "4.15.0-96.97", "linux-tools-host": "4.15.0-96.97", "linux-image-4.15.0-96-generic-lpae": "4.15.0-96.97", "storage-core-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97", "fs-secondary-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97", "linux-udebs-generic-lpae": "4.15.0-96.97", "linux-buildinfo-4.15.0-96-lowlatency": "4.15.0-96.97", "scsi-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97", "pcmcia-storage-modules-4.15.0-96-generic-di": "4.15.0-96.97", "ppp-modules-4.15.0-96-generic-di": "4.15.0-96.97", "md-modules-4.15.0-96-generic-di": "4.15.0-96.97", "input-modules-4.15.0-96-generic-di": "4.15.0-96.97", "linux-image-unsigned-4.15.0-96-lowlatency": "4.15.0-96.97", "linux-headers-4.15.0-96-lowlatency": "4.15.0-96.97", "fb-modules-4.15.0-96-generic-di": "4.15.0-96.97", "linux-tools-common": "4.15.0-96.97", "mouse-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97", "irda-modules-4.15.0-96-generic-di": "4.15.0-96.97", "plip-modules-4.15.0-96-generic-lpae-di": "4.15.0-96.97" } ] }