Vulnerability Details : CVE-2018-1000199
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.
Vulnerability category: OverflowMemory Corruption
Products affected by CVE-2018-1000199
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-1000199
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 26 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-1000199
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
3.9
|
6.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2018-1000199
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-1000199
-
https://access.redhat.com/errata/RHSA-2018:1374
RHSA-2018:1374 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html
[security-announce] openSUSE-SU-2020:0801-1: important: Security update
-
https://access.redhat.com/errata/RHSA-2018:1345
RHSA-2018:1345 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://usn.ubuntu.com/3641-2/
USN-3641-2: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:1355
RHSA-2018:1355 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://www.debian.org/security/2018/dsa-4188
Debian -- Security Information -- DSA-4188-1 linuxThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:1318
RHSA-2018:1318 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://usn.ubuntu.com/3641-1/
USN-3641-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://lkml.org/lkml/2018/4/6/813
LKML: Greg Kroah-Hartman: [PATCH 3.18 40/93] perf/hwbp: Simplify the perf-hwbp code, fix documentationMailing List;Patch;Third Party Advisory
-
http://www.securitytracker.com/id/1040806
Linux Kernel ptrace() Error Handling Flaw Lets Local Users Cause Denial of Service Conditions on the Target System - SecurityTrackerThird Party Advisory;VDB Entry
-
https://access.redhat.com/errata/RHSA-2018:1348
RHSA-2018:1348 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://www.debian.org/security/2018/dsa-4187
Debian -- Security Information -- DSA-4187-1 linuxThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:1354
RHSA-2018:1354 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
[SECURITY] [DLA 1369-1] linux security updateThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:1347
RHSA-2018:1347 - Security Advisory - Red Hat Customer PortalThird Party Advisory
Jump to