Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to an incorrect debug exception (#DB) error. It could occur while emulating a syscall instruction. A user/process inside guest could use this flaw to potentially escalate their privileges inside guest.

Note: Linux guests are not affected.

Upstream patch:
---------------
  -> https://www.spinics.net/lists/kvm/msg151817.html

Reference:
----------
  -> https://xenbits.xen.org/xsa/advisory-204.html
  -> https://www.spinics.net/lists/kvm/msg151819.html
  -> http://www.openwall.com/lists/oss-security/2017/06/23/5
  -> https://access.redhat.com/articles/3290921
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1464474]
Statement:

This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.

This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue.
This was fixed for Fedora with the 4.11.8 stable updates.
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:0412 https://access.redhat.com/errata/RHSA-2018:0412
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:0395 https://access.redhat.com/errata/RHSA-2018:0395