CVE-2018-1000199

5.5MEDIUM

Key Information

Vendor
Debian
Status
Debian Linux
Vendor
CVE Published:
24 May 2018

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC

Summary

The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2018-1000199
Created by dsfau

References

https://www.debian.org/security/2018/dsa-4187
vendor-advisoryx_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:1347
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1348
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)
.