This notice is to advise Joyent customers of CVE-2018-8897, a potential security vulnerability surrounding writes to the %ss register.
In some circumstances, some operating systems may not expect or properly handle an Intel architecture debug exception, after certain instructions involving writes to the %ss register:
- The issue appears to originate from an undocumented side effect of the instructions.
- An attacker might utilize this exception handling to gain access to Ring 0 and access sensitive memory, or to control operating system processes.
Joyent products and systems are not affected by this vulnerability. Further details and a list of applications/services that may be vulnerable can be found in this note from CERT.
Actions Taken by Joyent
As noted above, Joyent is not affected.
Actions You Need to Take
If you are using KVM instances, please refer to communications from your guest OS vendor for instructions on how to upgrade or patch your guest OS for this vulnerability, if any.
If you are a Joyent customer and have any further questions or concerns after reading the information provided above, please contact Joyent Support.
If you are an Open Source Triton user, please direct any further questions to the SmartOS Community Mailing Lists and IRC.