{
  "threat_severity" : "Important",
  "public_date" : "2018-05-01T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: ptrace() incorrect error handling leads to corruption and DoS",
    "id" : "1568477",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1568477"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.8",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-460",
  "details" : [ "The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.", "An address corruption flaw was discovered in the Linux kernel built with hardware breakpoint (CONFIG_HAVE_HW_BREAKPOINT) support. While modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on a the system." ],
  "statement" : "This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.\nThis issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2 may address this issue.",
  "acknowledgement" : "Red Hat would like to thank Andy Lutomirski for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2018-05-08T00:00:00Z",
    "advisory" : "RHSA-2018:1355",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt:7",
    "package" : "kernel-rt-0:3.10.0-862.2.3.rt56.806.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2018-05-08T00:00:00Z",
    "advisory" : "RHSA-2018:1318",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-862.2.3.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2018-05-14T00:00:00Z",
    "advisory" : "RHSA-2018:1374",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-alt-0:4.14.0-49.2.2.el7a"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.2 Advanced Update Support",
    "release_date" : "2018-05-08T00:00:00Z",
    "advisory" : "RHSA-2018:1347",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.2",
    "package" : "kernel-0:3.10.0-327.66.3.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.2 Telco Extended Update Support",
    "release_date" : "2018-05-08T00:00:00Z",
    "advisory" : "RHSA-2018:1347",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.2",
    "package" : "kernel-0:3.10.0-327.66.3.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions",
    "release_date" : "2018-05-08T00:00:00Z",
    "advisory" : "RHSA-2018:1347",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.2",
    "package" : "kernel-0:3.10.0-327.66.3.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.3 Extended Update Support",
    "release_date" : "2018-05-08T00:00:00Z",
    "advisory" : "RHSA-2018:1348",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.3",
    "package" : "kernel-0:3.10.0-514.48.3.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Extended Update Support",
    "release_date" : "2018-05-08T00:00:00Z",
    "advisory" : "RHSA-2018:1345",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.4",
    "package" : "kernel-0:3.10.0-693.25.4.el7"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2018-05-08T00:00:00Z",
    "advisory" : "RHSA-2018:1354",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-1:3.10.0-693.25.4.rt56.613.el6rt"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-1000199\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000199" ],
  "name" : "CVE-2018-1000199",
  "mitigation" : {
    "value" : "To mitigate this issue:\n1) Save the following script in a 'CVE-2018-1000199.stp' file.\n---\nprobe kernel.function(\"ptrace_set_debugreg\") {\nif ($n < 4)\n$n = 4; /* set invalid debug register #, returns -EIO */\n}\nprobe begin {\nprintk(0, \"CVE-2018-1000199 mitigation loaded\")\n}\nprobe end {\nprintk(0, \"CVE-2018-1000199 mitigation unloaded\")\n}\n---\n2)  Install systemtap package and its dependencies\n# yum install -y systemtap systemtap-runtime\n# yum install -y kernel-devel kernel-debuginfo  kernel-debuginfo-common\n3) Build the mitigation kernel module as root.\n# stap -r `uname -r` -m cve_2018_1000199.ko -g CVE-2018-1000199.stp -p4\n4) Load the mitigation module as root\n# staprun -L cve_2018_1000199.ko",
    "lang" : "en:us"
  },
  "csaw" : false
}