CVE-2018-1091

Impact:
Moderate
Public Date:
2017-09-13
CWE:
CWE-391
Bugzilla:
1558149: CVE-2018-1091 kernel: guest kernel crash during core dump on POWER9 host
A flaw was found in the Linux kernel where a crash can be triggered from unprivileged userspace during core dump on a POWER system with a certain configuration. This is due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path leading to a denial of service.

Find out more about CVE-2018-1091 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score 4.7
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Impact None
Availability Impact High

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 7 (kernel) RHSA-2018:1318 2018-05-08

Affected Packages State

Platform Package State
Red Hat Enterprise MRG 2 realtime-kernel Not affected
Red Hat Enterprise Linux 7 kernel-rt Not affected
Red Hat Enterprise Linux 7 kernel-alt Not affected
Red Hat Enterprise Linux 6 kernel Not affected
Red Hat Enterprise Linux 5 kernel Not affected

Last Modified
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.