Bug 1100835 - (CVE-2018-10872) VUL-0: CVE-2018-10872: kernel-source: error in exception handling leads to DoS (CVE-2018-8897 regression)
(CVE-2018-10872)
VUL-0: CVE-2018-10872: kernel-source: error in exception handling leads to Do...
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P5 - None : Normal
: ---
Assigned To: E-mail List
Security Team bot
https://smash.suse.de/issue/210293/
CVSSv2:NVD:CVE-2018-1087:4.6:(AV:L/AC...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-07-11 06:45 UTC by Marcus Meissner
Modified: 2019-12-20 07:46 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2018-07-11 06:45:41 UTC
rh#1596094

A flaw was found in the way the Linux kernel handled exceptions delivered after
a stack switch operation via Mov SS or Pop SS instructions. During the stack
switch operation, processor does not deliver interrupts and exceptions, they are
delivered once the first instruction after the stack switch is executed. An
unprivileged system user could use this flaw to crash the system kernel
resulting in DoS. This CVE-2018-10872 was assigned due to regression of
CVE-2018-8897 in Red Hat Enterprise Linux 6.10 GA kernel. No other versions are
affected by this CVE.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1596094
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10872
Comment 1 Marcus Meissner 2018-07-11 06:46:58 UTC
This seems to be a Redhat specific regression, it does not affect SUSE Linux Enterprise or openSUSE kernels.