Lucene search

K
cve[email protected]CVE-2018-1000199
HistoryMay 24, 2018 - 1:29 p.m.

CVE-2018-1000199

2018-05-2413:29:01
CWE-119
web.nvd.nist.gov
285
linux kernel
cve-2018-1000199
vulnerability
modify_user_hw_breakpoint
local code execution
ptrace
git commit
security

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

7

Confidence

High

EPSS

0.001

Percentile

26.5%

The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.

Affected configurations

NVD
Node
debiandebian_linuxMatch7.0
OR
debiandebian_linuxMatch8.0
OR
debiandebian_linuxMatch9.0
Node
linuxlinux_kernelMatch3.18
Node
canonicalubuntu_linuxMatch12.04esm
OR
canonicalubuntu_linuxMatch14.04lts
OR
canonicalubuntu_linuxMatch16.04lts
OR
canonicalubuntu_linuxMatch17.10
Node
redhatenterprise_linuxMatch7.0
OR
redhatenterprise_linuxMatch7.2
OR
redhatenterprise_linuxMatch7.3
OR
redhatenterprise_linuxMatch7.4
OR
redhatenterprise_linuxMatch7.5
OR
redhatenterprise_linux_desktopMatch7.0
OR
redhatenterprise_linux_serverMatch7.0
OR
redhatenterprise_linux_server_ausMatch7.2
OR
redhatenterprise_linux_server_ausMatch7.3
OR
redhatenterprise_linux_server_ausMatch7.4
OR
redhatenterprise_linux_server_eusMatch7.3
OR
redhatenterprise_linux_server_eusMatch7.4
OR
redhatenterprise_linux_server_eusMatch7.5
OR
redhatenterprise_linux_server_tusMatch7.2
OR
redhatenterprise_linux_workstationMatch7.0
VendorProductVersionCPE
debiandebian_linux9.0cpe:/o:debian:debian_linux:9.0:::
debiandebian_linux8.0cpe:/o:debian:debian_linux:8.0:::
debiandebian_linux7.0cpe:/o:debian:debian_linux:7.0:::

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

7

Confidence

High

EPSS

0.001

Percentile

26.5%