CVE-2018-17972
published 2018-10-03CVE-2018-17972: An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the…
medium5.5CVSS 3.0
AVLACLPRLUINSUCHINAN
An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | linux | < linux 4.18.20-1 (bookworm) | linux 4.18.20-1 (bookworm) |
| linux | linux_kernel | <= 4.18.11 | — |
| linux | linux_kernel | >= 0 < 4.18.20-1 | 4.18.20-1 |
| linux | linux_kernel | >= 0 < 4.18.20-1 | 4.18.20-1 |
| linux | linux_kernel | >= 0 < 4.18.20-1 | 4.18.20-1 |
| linux | linux_kernel | >= 0 < 4.18.20-1 | 4.18.20-1 |
| linux | linux_kernel | >= 0 < 3.13.0-165.215 | 3.13.0-165.215 |
| linux | linux_kernel | >= 0 < 4.4.0-139.165 | 4.4.0-139.165 |
| linux | linux_kernel | >= 0 < 4.15.0-44.47 | 4.15.0-44.47 |
| linux | linux_kernel | >= 0 < 4.15.0-45.48 | 4.15.0-45.48 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
osv6.5MEDIUM