SB2024040323 - Multiple vulnerabilities in android-emulator-hypervisor-driver-for-amd-processors 

Published: April 3, 2024

Security Bulletin ID: SB2024040323
Severity: Low
Patch available: YES
Number of vulnerabilities: 8
Exploitation vector: Adjacent network
Highest impact: Code execution

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 8 security vulnerabilities.


1) Memory leak (CVE-ID: CVE-2020-36312)

The vulnerability allows a local user to perform a DoS attack on the target system.

The vulnerability exists in the KVM hypervisor of the Linux kernel. A local user can force the KVM hypervisor to leak memory and perform a denial of service attack.


2) Out-of-bounds write (CVE-ID: CVE-2019-19332)

The vulnerability allows a local authenticated user to damage or delete data.

An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.


3) Improper check or handling of exceptional conditions (CVE-ID: CVE-2018-1087)

The vulnerability allows an adjacent attacker to cause a DoS condition or gain elevated privileges on the target system.

The weakness exists in the Linux kernel KVM hypervisor due to improper handling of debug exceptions delivered after a stack switch operation via mov SS or pop SS instructions. During the stack switch operation, the exceptions are deferred. An adjacent attacker can cause the service to crash or gain root privileges.

4) Permissions, privileges, and access controls (CVE-ID: CVE-2018-10853)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists in the way Linux kernel KVM hypervisor emulates instructions, such as sgdt/sidt/fxsave/fxrstor. A local unprivileged user on a guest system can gain write access to kernel space on the same guest system.


5) Privilege escalation (CVE-ID: CVE-2017-7518)

The vulnerability allows a local attacker to gain elevated privileges on the guest system.

The weakness exists due to a debug exception error in syscall emulation. An attacker can gain system privileges.

Successful exploitation of the vulnerability results in privilege escalation.


6) Use-after-free error (CVE-ID: CVE-2017-2584)

The vulnerability allows a local attacker to cause a DoS condition or obtain potentially sensitive information.

The weakness exists due to a use-after-free error in the arch/x86/kvm/emulate.c source file. A local attacker can use a specially crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt to cause the system to crash or read arbitrary files on the system.

Successful exploitation of the vulnerability results in denial of service.

7) Denial of service (CVE-ID: CVE-2017-2583)

The vulnerability allows an adjacent attacker to cause a DoS condition.

The weakness exists due to improper emulation of the "MOV SS, NULL selector" instruction by the load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel. A guest OS user can use a specially crafted application to crash the system.

Successful exploitation of the vulnerability results in denial of service.

8) Resource management error (CVE-ID: CVE-2017-1000407)

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to the possibility of flooding the diagnostic port 0x80. A local user can trigger an exception and cause a kernel panic.

Remediation

Install the update from the vendor's website.