CVE-2018-1000199 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Ubuntu Linux
Severity
5.5MEDIUMNVD
EPSS
0.5%
top 35.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 24
Latest updateMay 13
Description
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages6 packages
Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 17.10, Enterprise Linux 7.0, 7.2, 7.3, 7.4, 7.5
Patches
🔴Vulnerability Details
4OSV▶
linux, linux-aws, linux-azure, linux-euclid, linux-gcp, linux-hwe, linux-kvm, linux-lts-xenial, linux-oem, linux-raspi2, linux-snapdragon vulnerabilities↗2018-05-08
📋Vendor Advisories
4Debian▶
CVE-2018-1000199: linux - The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modi...↗2018
💬Community
1Bugzilla
▶