Vulnerability Description
A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once the first instruction after the stack switch is executed. An unprivileged system user could use this flaw to crash the system kernel resulting in DoS. This CVE-2018-10872 was assigned due to regression of CVE-2018-8897 in Red Hat Enterprise Linux 6.10 GA kernel. No other versions are affected by this CVE.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Enterprise Linux | 6.0 |
| Redhat | Enterprise Linux Desktop | 6.0 |
| Redhat | Enterprise Linux Server | 6.0 |
| Redhat | Enterprise Linux Workstation | 6.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2018:2164Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10872Issue TrackingPatchThird Party Advisory
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+Struxur
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://access.redhat.com/errata/RHSA-2018:2164Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10872Issue TrackingPatchThird Party Advisory
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+Struxur
- https://www.oracle.com/security-alerts/cpujul2020.html
FAQ
What is CVE-2018-10872?
CVE-2018-10872 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not delive...
How severe is CVE-2018-10872?
CVE-2018-10872 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-10872?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation.