Bug 1084755 - (CVE-2018-7995) VUL-0: CVE-2018-7995: kernel: Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic)
(CVE-2018-7995)
VUL-0: CVE-2018-7995: kernel: Race condition in the store_int_with_restart() ...
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/201551/
CVSSv3:SUSE:CVE-2018-7995:5.5:(AV:L/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-03-09 19:11 UTC by Karol Babioch
Modified: 2020-06-13 00:56 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Karol Babioch 2018-03-09 19:11:32 UTC
CVE-2018-7995

Race condition in the store_int_with_restart() function in
arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local
users to cause a denial of service (panic) by leveraging root access to write to
/sys/devices/system/machinecheck/machinecheck<cpu number> (aka the
check_interval file)

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7995
https://lkml.org/lkml/2018/3/2/970
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=b3b7c4795ccab5be71f080774c45bbbcc75c2aaf
Comment 3 Marcus Meissner 2018-03-14 15:31:33 UTC
Since only root can write to those sysfs variables, the issue is not a
seems not be security relevant.
Comment 6 Marcus Meissner 2019-02-12 06:42:29 UTC
we will not be fixing this issue.