Impact: Moderate Public Date: 2019-05-22 CWE: CWE-119 Bugzilla: 1715823: CVE-2018-12886 gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2018-12886 from the MITRE CVE dictionary dictionary and NIST NVD.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 6.8 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H |
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity Impact | None |
| Availability Impact | High |
| Platform | Package | State |
|---|---|---|
| Red Hat Virtualization 4 | gcc | Under investigation |
| Red Hat Enterprise Linux 8 | gcc | Under investigation |
| Red Hat Enterprise Linux 7 | gcc | Under investigation |
| Red Hat Enterprise Linux 6 | gcc | Under investigation |
| Red Hat Enterprise Linux 5 | gcc | Under investigation |
| Red Hat Enterprise Linux 5 | gcc44 | Under investigation |
| Red Hat Enterprise Linux 4 | gcc | Under investigation |
| Red Hat Enterprise Linux 4 | gcc4 | Under investigation |
Vulmon