Main Vulnerability Database SB2018070315

SB2018070315 - Fedora 27 update for kernel, kernel-tools

Published: July 3, 2018 Updated: April 24, 2025

Security Bulletin ID SB2018070315

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Privilege escalation (CVE-ID: CVE-2018-12714)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to the filter-parsing component, as defined in the kernel/trace/trace_events_filter.c source code file of the affected software, could be called without a filter, which would result in an N=0 case. A local attacker can make perf_event_open and mmap system calls that submit malicious input, trigger a slab out-of-bounds write condition in the predicate_parse function and cause the system to crash or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in complete system compromise.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2018-0f7448b3ab

SB2018070315 - Fedora 27 update for kernel, kernel-tools

Breakdown by Severity

Description

Remediation

References

Please verify you're human