Linux Kernel CVE-2018-1000199 Local Memory Corruption Vulnerability

Bugtraq ID:	104522
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2018-1000199
Remote:	No
Local:	Yes
Published:	May 01 2018 12:00AM
Updated:	May 01 2018 12:00AM
Credit:	Andy Lutomirski
Vulnerable:	Redhat Enterprise Mrg 2 Redhat Enterprise Linux Server TUS 7.2 Redhat Enterprise Linux Server - Update Services for SAP Solutions 7.2 Redhat Enterprise Linux Extended Update Support 7.3 Redhat Enterprise Linux 7 Linux kernel 3.18
Not Vulnerable:

Linux Kernel CVE-2018-1000199 Local Memory Corruption Vulnerability

Linux Kernel is prone to a local memory-corruption vulnerability.

Attackers may be able to exploit this issue to execute arbitrary code with elevated privileges. Failed attack attempts will likely result in denial-of-service conditions.

Linux Kernel 3.18 is vulnerable; other versions may also be affected.

Linux Kernel CVE-2018-1000199 Local Memory Corruption Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Linux Kernel CVE-2018-1000199 Local Memory Corruption Vulnerability

References:

• Bug 1568477 - (CVE-2018-1000199) CVE-2018-1000199 kernel: ptrace() incorrect err (Red Hat Bugzilla)
  
• CVE-2018-1000199 (Red Hat Bugzilla)
  
• hw_breakpoint: Add perf_event_attr fields check in __modify_user_hw_breakpoint() (Linux)
  
• Linux kernel Homepage (kernel.org)
  
• hw_breakpoint: Factor out __modify_user_hw_breakpoint() function (Linux)
  
• perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linux)