ID CVE-2018-1000199
Summary The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.
References
Vulnerable Configurations
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVSS
Base: 4.9 (as of 27-06-2018 - 11:43)
Impact:
Exploitability:
CWE CWE-388
CAPEC
  • Fuzzing for garnering J2EE/.NET-based stack traces, for application mapping
    An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes any stack traces produced by error messages. Fuzzing techniques involve sending random or malformed messages to a target and monitoring the target's response. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to cause the targeted application to return an error including a stack trace, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash. The stack trace enumerates the chain of methods that led up to the point where the error was encountered. This can not only reveal the names of the methods (some of which may have known weaknesses) but possibly also the location of class files and libraries as well as parameter values. In some cases, the stack trace might even disclose sensitive configuration or user information.
  • Fuzzing
    Fuzzing is a software testing method that feeds randomly constructed input to the system and looks for an indication that a failure in response to that input has occurred. Fuzzing treats the system as a black box and is totally free from any preconceptions or assumptions about the system. An attacker can leverage fuzzing to try to identify weaknesses in the system. For instance fuzzing can help an attacker discover certain assumptions made in the system about user input. Fuzzing gives an attacker a quick way of potentially uncovering some of these assumptions without really knowing anything about the internals of the system. These assumptions can then be turned against the system by specially crafting user input that may allow an attacker to achieve his goals.
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:C
redhat via4
advisories
  • bugzilla
    id 1568477
    title CVE-2018-1000199 kernel: ptrace() incorrect error handling leads to corruption and DoS
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment kernel is earlier than 0:3.10.0-862.2.3.el7
          oval oval:com.redhat.rhsa:tst:20181318009
        • comment kernel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842006
      • AND
        • comment kernel-abi-whitelists is earlier than 0:3.10.0-862.2.3.el7
          oval oval:com.redhat.rhsa:tst:20181318007
        • comment kernel-abi-whitelists is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131645028
      • AND
        • comment kernel-bootwrapper is earlier than 0:3.10.0-862.2.3.el7
          oval oval:com.redhat.rhsa:tst:20181318031
        • comment kernel-bootwrapper is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842010
      • AND
        • comment kernel-debug is earlier than 0:3.10.0-862.2.3.el7
          oval oval:com.redhat.rhsa:tst:20181318023
        • comment kernel-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842012
      • AND
        • comment kernel-debug-devel is earlier than 0:3.10.0-862.2.3.el7
          oval oval:com.redhat.rhsa:tst:20181318019
        • comment kernel-debug-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842014
      • AND
        • comment kernel-devel is earlier than 0:3.10.0-862.2.3.el7
          oval oval:com.redhat.rhsa:tst:20181318021
        • comment kernel-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842016
      • AND
        • comment kernel-doc is earlier than 0:3.10.0-862.2.3.el7
          oval oval:com.redhat.rhsa:tst:20181318005
        • comment kernel-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842024
      • AND
        • comment kernel-headers is earlier than 0:3.10.0-862.2.3.el7
          oval oval:com.redhat.rhsa:tst:20181318025
        • comment kernel-headers is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842008
      • AND
        • comment kernel-kdump is earlier than 0:3.10.0-862.2.3.el7
          oval oval:com.redhat.rhsa:tst:20181318011
        • comment kernel-kdump is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842018
      • AND
        • comment kernel-kdump-devel is earlier than 0:3.10.0-862.2.3.el7
          oval oval:com.redhat.rhsa:tst:20181318015
        • comment kernel-kdump-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842020
      • AND
        • comment kernel-tools is earlier than 0:3.10.0-862.2.3.el7
          oval oval:com.redhat.rhsa:tst:20181318027
        • comment kernel-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140678010
      • AND
        • comment kernel-tools-libs is earlier than 0:3.10.0-862.2.3.el7
          oval oval:com.redhat.rhsa:tst:20181318029
        • comment kernel-tools-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140678012
      • AND
        • comment kernel-tools-libs-devel is earlier than 0:3.10.0-862.2.3.el7
          oval oval:com.redhat.rhsa:tst:20181318033
        • comment kernel-tools-libs-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140678020
      • AND
        • comment perf is earlier than 0:3.10.0-862.2.3.el7
          oval oval:com.redhat.rhsa:tst:20181318013
        • comment perf is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842022
      • AND
        • comment python-perf is earlier than 0:3.10.0-862.2.3.el7
          oval oval:com.redhat.rhsa:tst:20181318017
        • comment python-perf is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111530020
    rhsa
    id RHSA-2018:1318
    released 2018-05-08
    severity Important
    title RHSA-2018:1318: kernel security, bug fix, and enhancement update (Important)
  • bugzilla
    id 1568477
    title CVE-2018-1000199 kernel: ptrace() incorrect error handling leads to corruption and DoS
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment kernel-rt is earlier than 0:3.10.0-862.2.3.rt56.806.el7
          oval oval:com.redhat.rhsa:tst:20181355009
        • comment kernel-rt is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727006
      • AND
        • comment kernel-rt-debug is earlier than 0:3.10.0-862.2.3.rt56.806.el7
          oval oval:com.redhat.rhsa:tst:20181355023
        • comment kernel-rt-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727014
      • AND
        • comment kernel-rt-debug-devel is earlier than 0:3.10.0-862.2.3.rt56.806.el7
          oval oval:com.redhat.rhsa:tst:20181355019
        • comment kernel-rt-debug-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727016
      • AND
        • comment kernel-rt-debug-kvm is earlier than 0:3.10.0-862.2.3.rt56.806.el7
          oval oval:com.redhat.rhsa:tst:20181355007
        • comment kernel-rt-debug-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20161051024
      • AND
        • comment kernel-rt-devel is earlier than 0:3.10.0-862.2.3.rt56.806.el7
          oval oval:com.redhat.rhsa:tst:20181355021
        • comment kernel-rt-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727012
      • AND
        • comment kernel-rt-doc is earlier than 0:3.10.0-862.2.3.rt56.806.el7
          oval oval:com.redhat.rhsa:tst:20181355005
        • comment kernel-rt-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727018
      • AND
        • comment kernel-rt-kvm is earlier than 0:3.10.0-862.2.3.rt56.806.el7
          oval oval:com.redhat.rhsa:tst:20181355011
        • comment kernel-rt-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20161051016
      • AND
        • comment kernel-rt-trace is earlier than 0:3.10.0-862.2.3.rt56.806.el7
          oval oval:com.redhat.rhsa:tst:20181355015
        • comment kernel-rt-trace is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727008
      • AND
        • comment kernel-rt-trace-devel is earlier than 0:3.10.0-862.2.3.rt56.806.el7
          oval oval:com.redhat.rhsa:tst:20181355013
        • comment kernel-rt-trace-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727010
      • AND
        • comment kernel-rt-trace-kvm is earlier than 0:3.10.0-862.2.3.rt56.806.el7
          oval oval:com.redhat.rhsa:tst:20181355017
        • comment kernel-rt-trace-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20161051018
    rhsa
    id RHSA-2018:1355
    released 2018-05-08
    severity Important
    title RHSA-2018:1355: kernel-rt security and bug fix update (Important)
  • rhsa
    id RHSA-2018:1345
  • rhsa
    id RHSA-2018:1347
  • rhsa
    id RHSA-2018:1348
  • rhsa
    id RHSA-2018:1354
  • rhsa
    id RHSA-2018:1374
rpms
  • kernel-0:3.10.0-862.2.3.el7
  • kernel-abi-whitelists-0:3.10.0-862.2.3.el7
  • kernel-bootwrapper-0:3.10.0-862.2.3.el7
  • kernel-debug-0:3.10.0-862.2.3.el7
  • kernel-debug-devel-0:3.10.0-862.2.3.el7
  • kernel-devel-0:3.10.0-862.2.3.el7
  • kernel-doc-0:3.10.0-862.2.3.el7
  • kernel-headers-0:3.10.0-862.2.3.el7
  • kernel-kdump-0:3.10.0-862.2.3.el7
  • kernel-kdump-devel-0:3.10.0-862.2.3.el7
  • kernel-tools-0:3.10.0-862.2.3.el7
  • kernel-tools-libs-0:3.10.0-862.2.3.el7
  • kernel-tools-libs-devel-0:3.10.0-862.2.3.el7
  • perf-0:3.10.0-862.2.3.el7
  • python-perf-0:3.10.0-862.2.3.el7
  • kernel-rt-0:3.10.0-862.2.3.rt56.806.el7
  • kernel-rt-debug-0:3.10.0-862.2.3.rt56.806.el7
  • kernel-rt-debug-devel-0:3.10.0-862.2.3.rt56.806.el7
  • kernel-rt-debug-kvm-0:3.10.0-862.2.3.rt56.806.el7
  • kernel-rt-devel-0:3.10.0-862.2.3.rt56.806.el7
  • kernel-rt-doc-0:3.10.0-862.2.3.rt56.806.el7
  • kernel-rt-kvm-0:3.10.0-862.2.3.rt56.806.el7
  • kernel-rt-trace-0:3.10.0-862.2.3.rt56.806.el7
  • kernel-rt-trace-devel-0:3.10.0-862.2.3.rt56.806.el7
  • kernel-rt-trace-kvm-0:3.10.0-862.2.3.rt56.806.el7
refmap via4
debian
  • DSA-4187
  • DSA-4188
mlist
  • [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update
  • [linux-kernel] 20180406 [PATCH 3.18 40/93] perf/hwbp: Simplify the perf-hwbp code, fix documentation
sectrack 1040806
ubuntu
  • USN-3641-1
  • USN-3641-2
Last major update 27-06-2018 - 11:43
Published 24-05-2018 - 13:29
Back to Top