{"id":"CVE-2018-17972","details":"An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.","modified":"2026-03-15T22:19:34.212834Z","published":"2018-10-03T22:29:00.800Z","related":["SUSE-SU-2019:14089-1","SUSE-SU-2019:1527-1","SUSE-SU-2019:1532-1","SUSE-SU-2019:1533-1","SUSE-SU-2019:1534-1","SUSE-SU-2019:1692-1"],"references":[{"type":"WEB","url":"https://support.f5.com/csp/article/K27673650?utm_source=f5support&amp%3Butm_medium=RSS"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3821-2/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2473"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3832-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3871-4/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0514"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0831"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3871-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3880-2/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0512"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3821-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3835-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3871-3/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3871-5/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3880-1/"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/105525"},{"type":"FIX","url":"https://marc.info/?l=linux-fsdevel&m=153806242024956&w=2"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-17972.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"4.18.11"}]},{"events":[{"introduced":"0"},{"last_affected":"12.04"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.10"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}