CVE-2018-1000199 - Vulnerability Details

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Linux	Linux Kernel
Redhat	Enterprise Linux Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus Enterprise Linux Server Eus Enterprise Linux Server Tus Enterprise Linux Workstation Enterprise Mrg Rhel Aus Rhel E4s Rhel Eus Rhel Extras Rt Rhel Tus

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
kernel-rt-0:3.10.0-862.2.3.rt56.806.el7	cpe:/a:redhat:rhel_extras_rt:7	RHSA-2018:1355	2018-05-08T00:00:00Z
kernel-0:3.10.0-862.2.3.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2018:1318	2018-05-08T00:00:00Z
kernel-alt-0:4.14.0-49.2.2.el7a	cpe:/o:redhat:enterprise_linux:7	RHSA-2018:1374	2018-05-14T00:00:00Z
Red Hat Enterprise Linux 7.2 Advanced Update Support
kernel-0:3.10.0-327.66.3.el7	cpe:/o:redhat:rhel_aus:7.2	RHSA-2018:1347	2018-05-08T00:00:00Z
Red Hat Enterprise Linux 7.2 Telco Extended Update Support
kernel-0:3.10.0-327.66.3.el7	cpe:/o:redhat:rhel_tus:7.2	RHSA-2018:1347	2018-05-08T00:00:00Z
Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions
kernel-0:3.10.0-327.66.3.el7	cpe:/o:redhat:rhel_e4s:7.2	RHSA-2018:1347	2018-05-08T00:00:00Z
Red Hat Enterprise Linux 7.3 Extended Update Support
kernel-0:3.10.0-514.48.3.el7	cpe:/o:redhat:rhel_eus:7.3	RHSA-2018:1348	2018-05-08T00:00:00Z
Red Hat Enterprise Linux 7.4 Extended Update Support
kernel-0:3.10.0-693.25.4.el7	cpe:/o:redhat:rhel_eus:7.4	RHSA-2018:1345	2018-05-08T00:00:00Z
Red Hat Enterprise MRG 2
kernel-rt-1:3.10.0-693.25.4.rt56.613.el6rt	cpe:/a:redhat:enterprise_mrg:2:server:el6	RHSA-2018:1354	2018-05-08T00:00:00Z

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html
http://www.securitytracker.com/id/1040806
https://access.redhat.com/errata/RHSA-2018:1318
https://access.redhat.com/errata/RHSA-2018:1345
https://access.redhat.com/errata/RHSA-2018:1347
https://access.redhat.com/errata/RHSA-2018:1348
https://access.redhat.com/errata/RHSA-2018:1354
https://access.redhat.com/errata/RHSA-2018:1355
https://access.redhat.com/errata/RHSA-2018:1374
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
https://lkml.org/lkml/2018/4/6/813
https://nvd.nist.gov/vuln/detail/CVE-2018-1000199
https://usn.ubuntu.com/3641-1/
https://usn.ubuntu.com/3641-2/
https://www.cve.org/CVERecord?id=CVE-2018-1000199
https://www.debian.org/security/2018/dsa-4187
https://www.debian.org/security/2018/dsa-4188

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "dateAssigned": "2018-05-18T00:00:00", "datePublic": "2018-04-06T00:00:00", "descriptions": [{"lang": "en", "value": "The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-06-13T08:13:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-4187", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4187"}, {"name": "RHSA-2018:1347", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1347"}, {"name": "RHSA-2018:1348", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1348"}, {"name": "DSA-4188", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4188"}, {"name": "RHSA-2018:1354", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1354"}, {"name": "1040806", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040806"}, {"name": "RHSA-2018:1355", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1355"}, {"name": "RHSA-2018:1345", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1345"}, {"name": "RHSA-2018:1318", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1318"}, {"name": "RHSA-2018:1374", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1374"}, {"name": "[linux-kernel] 20180406 [PATCH 3.18 40/93] perf/hwbp: Simplify the perf-hwbp code, fix documentation", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lkml.org/lkml/2018/4/6/813"}, {"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"}, {"name": "USN-3641-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3641-2/"}, {"name": "USN-3641-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3641-1/"}, {"name": "openSUSE-SU-2020:0801", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2018-05-18T21:46:02.320084", "DATE_REQUESTED": "2018-04-17T08:55:55", "ID": "CVE-2018-1000199", "REQUESTER": "luto@kernel.org", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187"}, {"name": "RHSA-2018:1347", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1347"}, {"name": "RHSA-2018:1348", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1348"}, {"name": "DSA-4188", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4188"}, {"name": "RHSA-2018:1354", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1354"}, {"name": "1040806", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040806"}, {"name": "RHSA-2018:1355", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1355"}, {"name": "RHSA-2018:1345", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1345"}, {"name": "RHSA-2018:1318", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1318"}, {"name": "RHSA-2018:1374", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1374"}, {"name": "[linux-kernel] 20180406 [PATCH 3.18 40/93] perf/hwbp: Simplify the perf-hwbp code, fix documentation", "refsource": "MLIST", "url": "https://lkml.org/lkml/2018/4/6/813"}, {"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"}, {"name": "USN-3641-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3641-2/"}, {"name": "USN-3641-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3641-1/"}, {"name": "openSUSE-SU-2020:0801", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:40:46.875Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-4187", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4187"}, {"name": "RHSA-2018:1347", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:1347"}, {"name": "RHSA-2018:1348", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:1348"}, {"name": "DSA-4188", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4188"}, {"name": "RHSA-2018:1354", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:1354"}, {"name": "1040806", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040806"}, {"name": "RHSA-2018:1355", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:1355"}, {"name": "RHSA-2018:1345", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:1345"}, {"name": "RHSA-2018:1318", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:1318"}, {"name": "RHSA-2018:1374", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:1374"}, {"name": "[linux-kernel] 20180406 [PATCH 3.18 40/93] perf/hwbp: Simplify the perf-hwbp code, fix documentation", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lkml.org/lkml/2018/4/6/813"}, {"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"}, {"name": "USN-3641-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3641-2/"}, {"name": "USN-3641-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3641-1/"}, {"name": "openSUSE-SU-2020:0801", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-1000199", "datePublished": "2018-05-24T13:00:00", "dateReserved": "2018-04-17T00:00:00", "dateUpdated": "2024-08-05T12:40:46.875Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

dateAssigned : 2018-05-18T00:00:00 (string)

datePublic : 2018-04-06T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-06-13T08:13:02 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

name : DSA-4187 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : https://www.debian.org/security/2018/dsa-4187 (string)

}

1 : { »

name : RHSA-2018:1347 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : https://access.redhat.com/errata/RHSA-2018:1347 (string)

}

2 : { »

name : RHSA-2018:1348 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : https://access.redhat.com/errata/RHSA-2018:1348 (string)

}

3 : { »

name : DSA-4188 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : https://www.debian.org/security/2018/dsa-4188 (string)

}

4 : { »

name : RHSA-2018:1354 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : https://access.redhat.com/errata/RHSA-2018:1354 (string)

}

5 : { »

name : 1040806 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1040806 (string)

}

6 : { »

name : RHSA-2018:1355 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : https://access.redhat.com/errata/RHSA-2018:1355 (string)

}

7 : { »

name : RHSA-2018:1345 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : https://access.redhat.com/errata/RHSA-2018:1345 (string)

}

8 : { »

name : RHSA-2018:1318 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : https://access.redhat.com/errata/RHSA-2018:1318 (string)

}

9 : { »

name : RHSA-2018:1374 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : https://access.redhat.com/errata/RHSA-2018:1374 (string)

}

10 : { »

name : [linux-kernel] 20180406 [PATCH 3.18 40/93] perf/hwbp: Simplify the perf-hwbp code, fix documentation (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lkml.org/lkml/2018/4/6/813 (string)

}

11 : { »

name : [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html (string)

}

12 : { »

name : USN-3641-2 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : https://usn.ubuntu.com/3641-2/ (string)

}

13 : { »

name : USN-3641-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : https://usn.ubuntu.com/3641-1/ (string)

}

14 : { »

name : openSUSE-SU-2020:0801 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

DATE_ASSIGNED : 2018-05-18T21:46:02.320084 (string)

DATE_REQUESTED : 2018-04-17T08:55:55 (string)

ID : CVE-2018-1000199 (string)

REQUESTER : luto@kernel.org (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : DSA-4187 (string)

refsource : DEBIAN (string)

url : https://www.debian.org/security/2018/dsa-4187 (string)

}

1 : { »

name : RHSA-2018:1347 (string)

refsource : REDHAT (string)

url : https://access.redhat.com/errata/RHSA-2018:1347 (string)

}

2 : { »

name : RHSA-2018:1348 (string)

refsource : REDHAT (string)

url : https://access.redhat.com/errata/RHSA-2018:1348 (string)

}

3 : { »

name : DSA-4188 (string)

refsource : DEBIAN (string)

url : https://www.debian.org/security/2018/dsa-4188 (string)

}

4 : { »

name : RHSA-2018:1354 (string)

refsource : REDHAT (string)

url : https://access.redhat.com/errata/RHSA-2018:1354 (string)

}

5 : { »

name : 1040806 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1040806 (string)

}

6 : { »

name : RHSA-2018:1355 (string)

refsource : REDHAT (string)

url : https://access.redhat.com/errata/RHSA-2018:1355 (string)

}

7 : { »

name : RHSA-2018:1345 (string)

refsource : REDHAT (string)

url : https://access.redhat.com/errata/RHSA-2018:1345 (string)

}

8 : { »

name : RHSA-2018:1318 (string)

refsource : REDHAT (string)

url : https://access.redhat.com/errata/RHSA-2018:1318 (string)

}

9 : { »

name : RHSA-2018:1374 (string)

refsource : REDHAT (string)

url : https://access.redhat.com/errata/RHSA-2018:1374 (string)

}

10 : { »

name : [linux-kernel] 20180406 [PATCH 3.18 40/93] perf/hwbp: Simplify the perf-hwbp code, fix documentation (string)

refsource : MLIST (string)

url : https://lkml.org/lkml/2018/4/6/813 (string)

}

11 : { »

name : [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update (string)

refsource : MLIST (string)

url : https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html (string)

}

12 : { »

name : USN-3641-2 (string)

refsource : UBUNTU (string)

url : https://usn.ubuntu.com/3641-2/ (string)

}

13 : { »

name : USN-3641-1 (string)

refsource : UBUNTU (string)

url : https://usn.ubuntu.com/3641-1/ (string)

}

14 : { »

name : openSUSE-SU-2020:0801 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T12:40:46.875Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : DSA-4187 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : https://www.debian.org/security/2018/dsa-4187 (string)

}

1 : { »

name : RHSA-2018:1347 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : https://access.redhat.com/errata/RHSA-2018:1347 (string)

}

2 : { »

name : RHSA-2018:1348 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : https://access.redhat.com/errata/RHSA-2018:1348 (string)

}

3 : { »

name : DSA-4188 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : https://www.debian.org/security/2018/dsa-4188 (string)

}

4 : { »

name : RHSA-2018:1354 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : https://access.redhat.com/errata/RHSA-2018:1354 (string)

}

5 : { »

name : 1040806 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1040806 (string)

}

6 : { »

name : RHSA-2018:1355 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : https://access.redhat.com/errata/RHSA-2018:1355 (string)

}

7 : { »

name : RHSA-2018:1345 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : https://access.redhat.com/errata/RHSA-2018:1345 (string)

}

8 : { »

name : RHSA-2018:1318 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : https://access.redhat.com/errata/RHSA-2018:1318 (string)

}

9 : { »

name : RHSA-2018:1374 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : https://access.redhat.com/errata/RHSA-2018:1374 (string)

}

10 : { »

name : [linux-kernel] 20180406 [PATCH 3.18 40/93] perf/hwbp: Simplify the perf-hwbp code, fix documentation (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lkml.org/lkml/2018/4/6/813 (string)

}

11 : { »

name : [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html (string)

}

12 : { »

name : USN-3641-2 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : https://usn.ubuntu.com/3641-2/ (string)

}

13 : { »

name : USN-3641-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : https://usn.ubuntu.com/3641-1/ (string)

}

14 : { »

name : openSUSE-SU-2020:0801 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2018-1000199 (string)

datePublished : 2018-05-24T13:00:00 (string)

dateReserved : 2018-04-17T00:00:00 (string)

dateUpdated : 2024-08-05T12:40:46.875Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*", "matchCriteriaId": "364CAD86-F652-4B84-932A-A8D9146C9010", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "2E4DC974-235F-4655-966F-2490A4C4E490", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "B99A2411-7F6A-457F-A7BF-EB13C630F902", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "041F9200-4C01-4187-AE34-240E8277B54D", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4EB48767-F095-444F-9E05-D9AC345AB803", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "6755B6AD-0422-467B-8115-34A60B1D1A40", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f."}, {"lang": "es", "value": "El kernel de Linux en su versi\u00f3n 3.18 contiene una vulnerabilidad de funcionalidad peligrosa en modify_user_hw_breakpoint() que puede resultar en un cierre inesperado y en una posible corrupci\u00f3n de memoria. El ataque parece ser explotable mediante la ejecuci\u00f3n de c\u00f3digo local y la capacidad de usar ptrace. La vulnerabilidad parece haber sido solucionada en el commit git con ID f67b15037a7a50c57f72e69a6d59941ad90a0f0f."}], "id": "CVE-2018-1000199", "lastModified": "2024-11-21T03:39:55.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-24T13:29:01.290", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040806"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1318"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1345"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1347"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1348"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1354"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1355"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1374"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://lkml.org/lkml/2018/4/6/813"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3641-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3641-2/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4187"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4188"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040806"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1318"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1345"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1347"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1348"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1354"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1355"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1374"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://lkml.org/lkml/2018/4/6/813"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3641-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3641-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4187"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4188"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 16F59A04-14CF-49E2-9973-645477EA09DA (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* (string)

matchCriteriaId : C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* (string)

matchCriteriaId : DEECE5FC-CACF-4496-A3E7-164736409252 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:* (string)

matchCriteriaId : 364CAD86-F652-4B84-932A-A8D9146C9010 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:* (string)

matchCriteriaId : 8D305F7A-D159-4716-AB26-5E38BB5CD991 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* (string)

matchCriteriaId : B5A6F2F3-4894-4392-8296-3B8DD2679084 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* (string)

matchCriteriaId : F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:* (string)

matchCriteriaId : 9070C9D8-A14A-467F-8253-33B966C16886 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 142AD0DD-4CF3-4D74-9442-459CE3347E3A (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux:7.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 2E4DC974-235F-4655-966F-2490A4C4E490 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:* (string)

matchCriteriaId : B99A2411-7F6A-457F-A7BF-EB13C630F902 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 041F9200-4C01-4187-AE34-240E8277B54D (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 4EB48767-F095-444F-9E05-D9AC345AB803 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 33C068A4-3780-4EAB-A937-6082DF847564 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 51EF4996-72F4-4FA4-814F-F5991E7A8318 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 1C8D871B-AEA1-4407-AEE3-47EC782250FF (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 98381E61-F082-4302-B51F-5648884F998B (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* (string)

matchCriteriaId : D99A687E-EAE6-417E-A88E-D0082BC194CD (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:* (string)

matchCriteriaId : A8442C20-41F9-47FD-9A12-E724D3A31FD7 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:* (string)

matchCriteriaId : A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 6755B6AD-0422-467B-8115-34A60B1D1A40 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 825ECE2D-E232-46E0-A047-074B34DB1E97 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f. (string)

}

1 : { »

lang : es (string)

value : El kernel de Linux en su versión 3.18 contiene una vulnerabilidad de funcionalidad peligrosa en modify_user_hw_breakpoint() que puede resultar en un cierre inesperado y en una posible corrupción de memoria. El ataque parece ser explotable mediante la ejecución de código local y la capacidad de usar ptrace. La vulnerabilidad parece haber sido solucionada en el commit git con ID f67b15037a7a50c57f72e69a6d59941ad90a0f0f. (string)

}

]

id : CVE-2018-1000199 (string)

lastModified : 2024-11-21T03:39:55.040 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : true (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 4.9 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:L/AC:L/Au:N/C:N/I:N/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 6.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 5.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2018-05-24T13:29:01.290 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

url : http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securitytracker.com/id/1040806 (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://access.redhat.com/errata/RHSA-2018:1318 (string)

}

3 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://access.redhat.com/errata/RHSA-2018:1345 (string)

}

4 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://access.redhat.com/errata/RHSA-2018:1347 (string)

}

5 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://access.redhat.com/errata/RHSA-2018:1348 (string)

}

6 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://access.redhat.com/errata/RHSA-2018:1354 (string)

}

7 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://access.redhat.com/errata/RHSA-2018:1355 (string)

}

8 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://access.redhat.com/errata/RHSA-2018:1374 (string)

}

9 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html (string)

}

10 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : https://lkml.org/lkml/2018/4/6/813 (string)

}

11 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://usn.ubuntu.com/3641-1/ (string)

}

12 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://usn.ubuntu.com/3641-2/ (string)

}

13 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://www.debian.org/security/2018/dsa-4187 (string)

}

14 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://www.debian.org/security/2018/dsa-4188 (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securitytracker.com/id/1040806 (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://access.redhat.com/errata/RHSA-2018:1318 (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://access.redhat.com/errata/RHSA-2018:1345 (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://access.redhat.com/errata/RHSA-2018:1347 (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://access.redhat.com/errata/RHSA-2018:1348 (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://access.redhat.com/errata/RHSA-2018:1354 (string)

}

22 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://access.redhat.com/errata/RHSA-2018:1355 (string)

}

23 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://access.redhat.com/errata/RHSA-2018:1374 (string)

}

24 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html (string)

}

25 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : https://lkml.org/lkml/2018/4/6/813 (string)

}

26 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://usn.ubuntu.com/3641-1/ (string)

}

27 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://usn.ubuntu.com/3641-2/ (string)

}

28 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://www.debian.org/security/2018/dsa-4187 (string)

}

29 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://www.debian.org/security/2018/dsa-4188 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-119 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"acknowledgement": "Red Hat would like to thank Andy Lutomirski for reporting this issue.", "affected_release": [{"advisory": "RHSA-2018:1355", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-862.2.3.rt56.806.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2018-05-08T00:00:00Z"}, {"advisory": "RHSA-2018:1318", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-862.2.3.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2018-05-08T00:00:00Z"}, {"advisory": "RHSA-2018:1374", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-alt-0:4.14.0-49.2.2.el7a", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2018-05-14T00:00:00Z"}, {"advisory": "RHSA-2018:1347", "cpe": "cpe:/o:redhat:rhel_aus:7.2", "package": "kernel-0:3.10.0-327.66.3.el7", "product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date": "2018-05-08T00:00:00Z"}, {"advisory": "RHSA-2018:1347", "cpe": "cpe:/o:redhat:rhel_tus:7.2", "package": "kernel-0:3.10.0-327.66.3.el7", "product_name": "Red Hat Enterprise Linux 7.2 Telco Extended Update Support", "release_date": "2018-05-08T00:00:00Z"}, {"advisory": "RHSA-2018:1347", "cpe": "cpe:/o:redhat:rhel_e4s:7.2", "package": "kernel-0:3.10.0-327.66.3.el7", "product_name": "Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions", "release_date": "2018-05-08T00:00:00Z"}, {"advisory": "RHSA-2018:1348", "cpe": "cpe:/o:redhat:rhel_eus:7.3", "package": "kernel-0:3.10.0-514.48.3.el7", "product_name": "Red Hat Enterprise Linux 7.3 Extended Update Support", "release_date": "2018-05-08T00:00:00Z"}, {"advisory": "RHSA-2018:1345", "cpe": "cpe:/o:redhat:rhel_eus:7.4", "package": "kernel-0:3.10.0-693.25.4.el7", "product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support", "release_date": "2018-05-08T00:00:00Z"}, {"advisory": "RHSA-2018:1354", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "kernel-rt-1:3.10.0-693.25.4.rt56.613.el6rt", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2018-05-08T00:00:00Z"}], "bugzilla": {"description": "kernel: ptrace() incorrect error handling leads to corruption and DoS", "id": "1568477", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568477"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-460", "details": ["The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.", "An address corruption flaw was discovered in the Linux kernel built with hardware breakpoint (CONFIG_HAVE_HW_BREAKPOINT) support. While modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on a the system."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue:\n1) Save the following script in a 'CVE-2018-1000199.stp' file.\n---\nprobe kernel.function(\"ptrace_set_debugreg\") {\nif ($n < 4)\n$n = 4; /* set invalid debug register #, returns -EIO */\n}\nprobe begin {\nprintk(0, \"CVE-2018-1000199 mitigation loaded\")\n}\nprobe end {\nprintk(0, \"CVE-2018-1000199 mitigation unloaded\")\n}\n---\n2)  Install systemtap package and its dependencies\n# yum install -y systemtap systemtap-runtime\n# yum install -y kernel-devel kernel-debuginfo  kernel-debuginfo-common\n3) Build the mitigation kernel module as root.\n# stap -r `uname -r` -m cve_2018_1000199.ko -g CVE-2018-1000199.stp -p4\n4) Load the mitigation module as root\n# staprun -L cve_2018_1000199.ko"}, "name": "CVE-2018-1000199", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2018-05-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-1000199\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000199"], "statement": "This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.\nThis issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2 may address this issue.", "threat_severity": "Important"}

{

acknowledgement : Red Hat would like to thank Andy Lutomirski for reporting this issue. (string)

affected_release : [ »

0 : { »

advisory : RHSA-2018:1355 (string)

cpe : cpe:/a:redhat:rhel_extras_rt:7 (string)

package : kernel-rt-0:3.10.0-862.2.3.rt56.806.el7 (string)

product_name : Red Hat Enterprise Linux 7 (string)

release_date : 2018-05-08T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2018:1318 (string)

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

package : kernel-0:3.10.0-862.2.3.el7 (string)

product_name : Red Hat Enterprise Linux 7 (string)

release_date : 2018-05-08T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2018:1374 (string)

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

package : kernel-alt-0:4.14.0-49.2.2.el7a (string)

product_name : Red Hat Enterprise Linux 7 (string)

release_date : 2018-05-14T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2018:1347 (string)

cpe : cpe:/o:redhat:rhel_aus:7.2 (string)

package : kernel-0:3.10.0-327.66.3.el7 (string)

product_name : Red Hat Enterprise Linux 7.2 Advanced Update Support (string)

release_date : 2018-05-08T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2018:1347 (string)

cpe : cpe:/o:redhat:rhel_tus:7.2 (string)

package : kernel-0:3.10.0-327.66.3.el7 (string)

product_name : Red Hat Enterprise Linux 7.2 Telco Extended Update Support (string)

release_date : 2018-05-08T00:00:00Z (string)

}

5 : { »

advisory : RHSA-2018:1347 (string)

cpe : cpe:/o:redhat:rhel_e4s:7.2 (string)

package : kernel-0:3.10.0-327.66.3.el7 (string)

product_name : Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions (string)

release_date : 2018-05-08T00:00:00Z (string)

}

6 : { »

advisory : RHSA-2018:1348 (string)

cpe : cpe:/o:redhat:rhel_eus:7.3 (string)

package : kernel-0:3.10.0-514.48.3.el7 (string)

product_name : Red Hat Enterprise Linux 7.3 Extended Update Support (string)

release_date : 2018-05-08T00:00:00Z (string)

}

7 : { »

advisory : RHSA-2018:1345 (string)

cpe : cpe:/o:redhat:rhel_eus:7.4 (string)

package : kernel-0:3.10.0-693.25.4.el7 (string)

product_name : Red Hat Enterprise Linux 7.4 Extended Update Support (string)

release_date : 2018-05-08T00:00:00Z (string)

}

8 : { »

advisory : RHSA-2018:1354 (string)

cpe : cpe:/a:redhat:enterprise_mrg:2:server:el6 (string)

package : kernel-rt-1:3.10.0-693.25.4.rt56.613.el6rt (string)

product_name : Red Hat Enterprise MRG 2 (string)

release_date : 2018-05-08T00:00:00Z (string)

}

]

bugzilla : { »

description : kernel: ptrace() incorrect error handling leads to corruption and DoS (string)

id : 1568477 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1568477 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 7.8 (string)

cvss3_scoring_vector : CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H (string)

status : verified (string)

}

cwe : CWE-460 (string)

details : [ »

0 : The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f. (string)

1 : An address corruption flaw was discovered in the Linux kernel built with hardware breakpoint (CONFIG_HAVE_HW_BREAKPOINT) support. While modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on a the system. (string)

]

mitigation : { »

lang : en:us (string)

value : To mitigate this issue: 1) Save the following script in a 'CVE-2018-1000199.stp' file. --- probe kernel.function("ptrace_set_debugreg") { if ($n < 4) $n = 4; /* set invalid debug register #, returns -EIO */ } probe begin { printk(0, "CVE-2018-1000199 mitigation loaded") } probe end { printk(0, "CVE-2018-1000199 mitigation unloaded") } --- 2) Install systemtap package and its dependencies # yum install -y systemtap systemtap-runtime # yum install -y kernel-devel kernel-debuginfo kernel-debuginfo-common 3) Build the mitigation kernel module as root. # stap -r `uname -r` -m cve_2018_1000199.ko -g CVE-2018-1000199.stp -p4 4) Load the mitigation module as root # staprun -L cve_2018_1000199.ko (string)

}

name : CVE-2018-1000199 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

fix_state : Not affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 5 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Not affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

2 : { »

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

fix_state : Not affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 8 (string)

}

]

public_date : 2018-05-01T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2018-1000199 https://nvd.nist.gov/vuln/detail/CVE-2018-1000199 (string)

]

statement : This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. This issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2 may address this issue. (string)

threat_severity : Important (string)

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object