CVE-2018-17972
Public on 2018-10-03
Modified on 2018-11-08
Description
An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | kernel | 2018-11-05 | ALAS-2018-1100 | Fixed |
| Amazon Linux 2 - Core | kernel | 2018-11-07 | ALAS2-2018-1100 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 3.3 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| NVD | CVSSv3 | 5.5 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| NVD | CVSSv2 | 4.9 | AV:L/AC:L/Au:N/C:C/I:N/A:N |