Vulnerability Details : CVE-2018-1000199
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.
Vulnerability category: OverflowMemory Corruption
Exploit prediction scoring system (EPSS) score for CVE-2018-1000199
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2018-1000199
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
3.9
|
6.9
|
nvd@nist.gov |
|
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
nvd@nist.gov |
CWE ids for CVE-2018-1000199
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-1000199
-
https://access.redhat.com/errata/RHSA-2018:1374
RHSA-2018:1374 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html
[security-announce] openSUSE-SU-2020:0801-1: important: Security update
-
https://access.redhat.com/errata/RHSA-2018:1345
RHSA-2018:1345 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://usn.ubuntu.com/3641-2/
USN-3641-2: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:1355
RHSA-2018:1355 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://www.debian.org/security/2018/dsa-4188
Debian -- Security Information -- DSA-4188-1 linuxThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:1318
RHSA-2018:1318 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://usn.ubuntu.com/3641-1/
USN-3641-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://lkml.org/lkml/2018/4/6/813
LKML: Greg Kroah-Hartman: [PATCH 3.18 40/93] perf/hwbp: Simplify the perf-hwbp code, fix documentationMailing List;Patch;Third Party Advisory
-
http://www.securitytracker.com/id/1040806
Linux Kernel ptrace() Error Handling Flaw Lets Local Users Cause Denial of Service Conditions on the Target System - SecurityTrackerThird Party Advisory;VDB Entry
-
https://access.redhat.com/errata/RHSA-2018:1348
RHSA-2018:1348 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://www.debian.org/security/2018/dsa-4187
Debian -- Security Information -- DSA-4187-1 linuxThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:1354
RHSA-2018:1354 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
[SECURITY] [DLA 1369-1] linux security updateThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:1347
RHSA-2018:1347 - Security Advisory - Red Hat Customer PortalThird Party Advisory
Products affected by CVE-2018-1000199
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*