Home > Vulnerability Database > CVE-2018-1000199

Mend.io Vulnerability Database

CVE-2018-1000199

Good to know:

Date: May 24, 2018

The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.

Language: C

Severity Score

5.5

Related Resources (20)

Url: https://access.redhat.com/errata/RHSA-2018:1318

Url: https://usn.ubuntu.com/3641-1/

Url: https://usn.ubuntu.com/3641-2/

Url: https://access.redhat.com/errata/RHSA-2018:1347

Url: https://lkml.org/lkml/2018/4/6/813

Url: https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html

Url: https://access.redhat.com/errata/RHSA-2018:1348

Url: http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html

Url: https://www.debian.org/security/2018/dsa-4187

Url: https://www.debian.org/security/2018/dsa-4188

Url: https://access.redhat.com/security/cve/CVE-2018-1000199

Url: https://security-tracker.debian.org/tracker/CVE-2018-1000199

Url: https://access.redhat.com/errata/RHSA-2018:1345

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2018-1000199

Url: https://access.redhat.com/errata/RHSA-2018:1354

Url: http://www.securitytracker.com/id/1040806

Url: https://access.redhat.com/errata/RHSA-2018:1355

Url: https://access.redhat.com/errata/RHSA-2018:1374

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-1000199

Url: https://www.mend.io/vulnerability-database/CVE-2018-1000199

Severity Score

5.5

Weakness Type (CWE)

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-119

Error Handling

CWE-388

Top Fix

Upgrade Version

Upgrade to version linux-yocto - 4.10+gitAUTOINC+805ea440c7_b259a5d744;linux-yocto - 4.8.26+gitAUTOINC+1c60e003c7_27efc3ba68

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	4.9
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-1000199

Good to know:

Date: May 24, 2018

Language: C

Severity Score

Related Resources (20)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?