{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-10-03T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-27T11:06:03", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "USN-3821-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3821-1/"}, {"name": "USN-3835-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3835-1/"}, {"name": "RHSA-2019:0512", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:0512"}, {"name": "USN-3880-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3880-1/"}, {"name": "USN-3871-5", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3871-5/"}, {"name": "USN-3871-4", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3871-4/"}, {"name": "105525", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105525"}, {"name": "USN-3880-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3880-2/"}, {"name": "USN-3832-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3832-1/"}, {"name": "USN-3821-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3821-2/"}, {"tags": ["x_refsource_MISC"], "url": "https://marc.info/?l=linux-fsdevel&m=153806242024956&w=2"}, {"name": "USN-3871-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3871-1/"}, {"name": "RHSA-2019:0514", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:0514"}, {"name": "USN-3871-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3871-3/"}, {"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"}, {"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"}, {"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"}, {"name": "RHSA-2019:0831", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:0831"}, {"name": "openSUSE-SU-2019:1407", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html"}, {"name": "RHSA-2019:2473", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2473"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K27673650?utm_source=f5support&amp%3Butm_medium=RSS"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-17972", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-3821-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3821-1/"}, {"name": "USN-3835-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3835-1/"}, {"name": "RHSA-2019:0512", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0512"}, {"name": "USN-3880-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3880-1/"}, {"name": "USN-3871-5", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3871-5/"}, {"name": "USN-3871-4", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3871-4/"}, {"name": "105525", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105525"}, {"name": "USN-3880-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3880-2/"}, {"name": "USN-3832-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3832-1/"}, {"name": "USN-3821-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3821-2/"}, {"name": "https://marc.info/?l=linux-fsdevel&m=153806242024956&w=2", "refsource": "MISC", "url": "https://marc.info/?l=linux-fsdevel&m=153806242024956&w=2"}, {"name": "USN-3871-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3871-1/"}, {"name": "RHSA-2019:0514", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0514"}, {"name": "USN-3871-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3871-3/"}, {"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"}, {"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"}, {"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"}, {"name": "RHSA-2019:0831", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0831"}, {"name": "openSUSE-SU-2019:1407", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html"}, {"name": "RHSA-2019:2473", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2473"}, {"name": "https://support.f5.com/csp/article/K27673650?utm_source=f5support&utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K27673650?utm_source=f5support&utm_medium=RSS"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T11:01:14.755Z"}, "title": "CVE Program Container", "references": [{"name": "USN-3821-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3821-1/"}, {"name": "USN-3835-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3835-1/"}, {"name": "RHSA-2019:0512", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:0512"}, {"name": "USN-3880-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3880-1/"}, {"name": "USN-3871-5", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3871-5/"}, {"name": "USN-3871-4", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3871-4/"}, {"name": "105525", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105525"}, {"name": "USN-3880-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3880-2/"}, {"name": "USN-3832-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3832-1/"}, {"name": "USN-3821-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3821-2/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://marc.info/?l=linux-fsdevel&m=153806242024956&w=2"}, {"name": "USN-3871-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3871-1/"}, {"name": "RHSA-2019:0514", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:0514"}, {"name": "USN-3871-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3871-3/"}, {"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"}, {"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"}, {"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"}, {"name": "RHSA-2019:0831", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:0831"}, {"name": "openSUSE-SU-2019:1407", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html"}, {"name": "RHSA-2019:2473", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2473"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K27673650?utm_source=f5support&amp%3Butm_medium=RSS"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-17972", "datePublished": "2018-10-03T22:00:00", "dateReserved": "2018-10-03T00:00:00", "dateUpdated": "2024-08-05T11:01:14.755Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FDD228D-2972-48DC-9C06-B93D17D4B441", "versionEndIncluding": "4.18.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5E92F9B3-3841-4C05-88F0-CEB0735EA4BB", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en la funci\u00f3n proc_pid_stack en fs/proc/base.c en el kernel de Linux hasta la versi\u00f3n 4.18.11. No asegura que solo root pueda inspeccionar la pila del kernel de una tarea arbitraria, lo que permite que un atacante local explote de forma arbitraria el proceso de marcha atr\u00e1s en la pila a la hora de producirse una excepci\u00f3n (stack unwinding) y filtre el contenido de la pila de tareas del kernel."}], "id": "CVE-2018-17972", "lastModified": "2024-11-21T03:55:18.577", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-03T22:29:00.800", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105525"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0512"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0514"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:0831"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:2473"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://marc.info/?l=linux-fsdevel&m=153806242024956&w=2"}, {"source": "cve@mitre.org", "url": "https://support.f5.com/csp/article/K27673650?utm_source=f5support&amp%3Butm_medium=RSS"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3821-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3821-2/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3832-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3835-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3871-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3871-3/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3871-4/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3871-5/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3880-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3880-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105525"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0512"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0514"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:0831"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:2473"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://marc.info/?l=linux-fsdevel&m=153806242024956&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.f5.com/csp/article/K27673650?utm_source=f5support&amp%3Butm_medium=RSS"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3821-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3821-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3832-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3835-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3871-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3871-3/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3871-4/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3871-5/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3880-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3880-2/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2019:2473", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-754.18.2.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2019-08-13T00:00:00Z"}, {"advisory": "RHSA-2019:0514", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-957.10.1.rt56.921.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-03-13T00:00:00Z"}, {"advisory": "RHSA-2019:0512", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-957.10.1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-03-13T00:00:00Z"}, {"advisory": "RHSA-2019:0831", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-alt-0:4.14.0-115.7.1.el7a", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-04-23T00:00:00Z"}], "bugzilla": {"description": "kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks", "id": "1636349", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1636349"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-200", "details": ["An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.", "An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task."], "name": "CVE-2018-17972", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2018-09-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-17972\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-17972"], "threat_severity": "Moderate"}