CVE-2018-10872
Last modified
CVE-2018-10872 is a vulnerability of currently unknown severity. A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once the first instruction after the stack switch is executed. EPSS estimates a 0.46% chance of exploitation in the next 30 days.
Description
A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once the first instruction after the stack switch is executed. An unprivileged system user could use this flaw to crash the system kernel resulting in DoS. This CVE-2018-10872 was assigned due to regression of CVE-2018-8897 in Red Hat Enterprise Linux 6.10 GA kernel. No other versions are affected by this CVE.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Enterprise Linux | 6.0 |
| Redhat | Enterprise Linux Desktop | 6.0 |
| Redhat | Enterprise Linux Server | 6.0 |
| Redhat | Enterprise Linux Workstation | 6.0 |
References
- https://access.redhat.com/errata/RHSA-2018:2164Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10872Issue Tracking, Patch, Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:2164Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10872Issue Tracking, Patch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-10872?
How severe is CVE-2018-10872?
How do I fix CVE-2018-10872?
Are you affected by CVE-2018-10872?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST