CVE-2018-17972 (NVD)

2018-10-03

An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.

Products Ubuntu_linux, Debian_linux, Linux_kernel, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation
Type Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
First patch - None (likely due to unavailable code)
Links https://access.redhat.com/errata/RHSA-2019:2473
https://usn.ubuntu.com/3880-2/
https://support.f5.com/csp/article/K27673650?utm_source=f5support&amp%3Butm_medium=RSS
https://access.redhat.com/errata/RHSA-2019:0514
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html