CVE-2018-7995
low-risk
Published 2018-03-09
Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck<cpu number> directory. NOTE: a third party has indicated that this report is not security relevant
Do I need to act?
-
0.06% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.7/10
Medium
LOCAL
/ HIGH complexity
Affected Products (4)
References (20)
Third Party Advisory
http://www.securityfocus.com/bid/103356
Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=1084755
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
Third Party Advisory
https://usn.ubuntu.com/3654-1/
Third Party Advisory
https://usn.ubuntu.com/3654-2/
Third Party Advisory
https://usn.ubuntu.com/3656-1/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4187
Third Party Advisory
https://www.debian.org/security/2018/dsa-4188
Third Party Advisory
http://www.securityfocus.com/bid/103356
Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=1084755
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
Third Party Advisory
https://usn.ubuntu.com/3654-1/
Third Party Advisory
https://usn.ubuntu.com/3654-2/
Third Party Advisory
https://usn.ubuntu.com/3656-1/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4187
Third Party Advisory
https://www.debian.org/security/2018/dsa-4188
22
/ 100
low-risk
Severity
12/34 · Low
Exploitability
0/34 · Minimal
Exposure
10/34 · Low