Описание
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.
An address corruption flaw was discovered in the Linux kernel built with hardware breakpoint (CONFIG_HAVE_HW_BREAKPOINT) support. While modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on a the system.
Отчет
This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. This issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2 may address this issue.
Меры по смягчению последствий
To mitigate this issue:
- Save the following script in a 'CVE-2018-1000199.stp' file.
probe kernel.function("ptrace_set_debugreg") { if ($n < 4) $n = 4; /* set invalid debug register #, returns -EIO */ } probe begin { printk(0, "CVE-2018-1000199 mitigation loaded") } probe end { printk(0, "CVE-2018-1000199 mitigation unloaded") }
- Install systemtap package and its dependencies
yum install -y systemtap systemtap-runtime
yum install -y kernel-devel kernel-debuginfo kernel-debuginfo-common
- Build the mitigation kernel module as root.
stap -r uname -r -m cve_2018_1000199.ko -g CVE-2018-1000199.stp -p4
- Load the mitigation module as root
staprun -L cve_2018_1000199.ko
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Not affected | ||
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2018:1355 | 08.05.2018 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2018:1318 | 08.05.2018 |
| Red Hat Enterprise Linux 7 | kernel-alt | Fixed | RHSA-2018:1374 | 14.05.2018 |
| Red Hat Enterprise Linux 7.2 Advanced Update Support | kernel | Fixed | RHSA-2018:1347 | 08.05.2018 |
| Red Hat Enterprise Linux 7.2 Telco Extended Update Support | kernel | Fixed | RHSA-2018:1347 | 08.05.2018 |
| Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions | kernel | Fixed | RHSA-2018:1347 | 08.05.2018 |
| Red Hat Enterprise Linux 7.3 Extended Update Support | kernel | Fixed | RHSA-2018:1348 | 08.05.2018 |
Показывать по
Дополнительная информация
Статус:
7.8 High
CVSS3
Связанные уязвимости
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.
The Linux Kernel version 3.18 contains a dangerous feature vulnerabili ...
Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP1)
Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP2)
7.8 High
CVSS3