Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-17972

Опубликовано: 27 сент. 2018
Источник: redhat
CVSS3: 3.3

Описание

An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.

An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise MRG 2kernel-rtWill not fix
Red Hat Enterprise Linux 6kernelFixedRHSA-2019:247313.08.2019
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2019:051413.03.2019
Red Hat Enterprise Linux 7kernelFixedRHSA-2019:051213.03.2019
Red Hat Enterprise Linux 7kernel-altFixedRHSA-2019:083123.04.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1636349kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks

3.3 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-17972

CVSS3: 5.5
ubuntu
больше 6 лет назад

An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.

nvd логотип

CVE-2018-17972

CVSS3: 5.5
nvd
больше 6 лет назад

An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.

debian логотип

CVE-2018-17972

CVSS3: 5.5
debian
больше 6 лет назад

An issue was discovered in the proc_pid_stack function in fs/proc/base ...

github логотип

GHSA-qgp4-5xqg-pc3p

CVSS3: 5.5
github
около 3 лет назад

An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.

fstec логотип

BDU:2019-00570

CVSS3: 5.5
fstec
больше 6 лет назад

Уязвимость функции proc_pid_stack ядра операционных систем Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

3.3 Low

CVSS3