CVE-2018-1000199

Severity

49%

Complexity

39%

Confidentiality

115%

The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.

The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.

CVSS 3.0 Base Score 5.5. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS 2.0 Base Score 4.9. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C).

Overview

First reported 6 years ago

2018-05-24 13:29:00

Last updated 6 years ago

2018-06-27 11:43:00

Affected Software

Debian Linux 7.0

7.0

Debian Linux 8.0 (Jessie)

8.0

Debian Linux 9.0

9.0

Linux Kernel 3.18

3.18

Canonical Ubuntu Linux 12.04 ESM (Extended Security Maintenance)

12.04

Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)

14.04

Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)

16.04

Canonical Ubuntu Linux 17.10

17.10

Red Hat Enterprise Linux (RHEL) 7.0 (7)

7.0

Red Hat Enterprise Linux 7.2

7.2

Red Hat Enterprise Linux 7.3

7.3

Red Hat Enterprise Linux 7.4

7.4

Red Hat Enterprise Linux 7.5

7.5

RedHat Enterprise Linux Desktop 7.0

7.0

RedHat Enterprise Linux Server 7.0

7.0

Red Hat Enterprise Linux Server AUS 7.2

7.2

Red Hat Enterprise Linux Advanced mission critical Update Support (AUS) 7.3

7.3

Red Hat Enterprise Linux Server Advanced mission critical Update Support (AUS) 7.4

7.4

Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.3

7.3

Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.4

7.4

Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.5

7.5

RedHat Enterprise Linux Workstation 7.0

7.0

References

1040806

Third Party Advisory, VDB Entry

RHSA-2018:1318

Third Party Advisory

RHSA-2018:1345

Third Party Advisory

RHSA-2018:1347

Third Party Advisory

RHSA-2018:1348

Third Party Advisory

RHSA-2018:1354

Third Party Advisory

RHSA-2018:1355

Third Party Advisory

RHSA-2018:1374

Third Party Advisory

[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update

Third Party Advisory

[linux-kernel] 20180406 [PATCH 3.18 40/93] perf/hwbp: Simplify the perf-hwbp code, fix documentation

Mailing List, Patch, Third Party Advisory

USN-3641-1

Third Party Advisory

USN-3641-2

Third Party Advisory

DSA-4187

Third Party Advisory

DSA-4188

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.