Denial of service in Red Hat Enterprise Linux for x86_64 - CVE-2018-10872
Published: July 16, 2018 / Updated: July 16, 2018
Vulnerability identifier: #VU13877
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-10872
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Red Hat Inc.
Affected software:
Red Hat Enterprise Linux for x86_64
Red Hat Enterprise Linux for x86_64
Detailed vulnerability description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to a flaw in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once the first instruction after the stack switch is executed. A remote attacker can crash the system kernel resulting in DoS.
How to mitigate CVE-2018-10872
Install update from vendor's website.