Lucene search

K

[email protected]NVD:CVE-2018-1000199

HistoryMay 24, 2018 - 1:29 p.m.

CVE-2018-1000199

2018-05-2413:29:01

CWE-119

[email protected]

web.nvd.nist.gov

5

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.8%

The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.

Affected configurations

NVD

Node

debiandebian_linuxMatch7.0

OR

debiandebian_linuxMatch8.0

OR

debiandebian_linuxMatch9.0

Node

linuxlinux_kernelMatch3.18

Node

canonicalubuntu_linuxMatch12.04esm

OR

canonicalubuntu_linuxMatch14.04lts

OR

canonicalubuntu_linuxMatch16.04lts

OR

canonicalubuntu_linuxMatch17.10

Node

redhatenterprise_linuxMatch7.0

OR

redhatenterprise_linuxMatch7.2

OR

redhatenterprise_linuxMatch7.3

OR

redhatenterprise_linuxMatch7.4

OR

redhatenterprise_linuxMatch7.5

OR

redhatenterprise_linux_desktopMatch7.0

OR

redhatenterprise_linux_serverMatch7.0

OR

redhatenterprise_linux_server_ausMatch7.2

OR

redhatenterprise_linux_server_ausMatch7.3

OR

redhatenterprise_linux_server_ausMatch7.4

OR

redhatenterprise_linux_server_eusMatch7.3

OR

redhatenterprise_linux_server_eusMatch7.4

OR

redhatenterprise_linux_server_eusMatch7.5

OR

redhatenterprise_linux_server_tusMatch7.2

OR

redhatenterprise_linux_workstationMatch7.0

References

lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html

www.securitytracker.com/id/1040806

access.redhat.com/errata/RHSA-2018:1318

access.redhat.com/errata/RHSA-2018:1345

access.redhat.com/errata/RHSA-2018:1347

access.redhat.com/errata/RHSA-2018:1348

access.redhat.com/errata/RHSA-2018:1354

access.redhat.com/errata/RHSA-2018:1355

access.redhat.com/errata/RHSA-2018:1374

lists.debian.org/debian-lts-announce/2018/05/msg00000.html

lkml.org/lkml/2018/4/6/813

usn.ubuntu.com/3641-1/

usn.ubuntu.com/3641-2/

www.debian.org/security/2018/dsa-4187

www.debian.org/security/2018/dsa-4188

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.8%

Related for NVD:CVE-2018-1000199

openvas54 suse50 nessus70 prion1 ubuntucve1 cvelist1 veracode1 debiancve1 redhatcve1 cve1 virtuozzo1 redhat7 oraclelinux4 cloudfoundry1 ubuntu2 centos1 amazon2