Source: Ubuntu.com (ubuntucve), ID UB:CVE-2016-10723
History: Jun 21, 2018 - 12:00 a.m.

CVE-2016-10723


CVSS2: 4.9 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3: 5.5 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001 Low
Percentile: 20.9%

DISPUTED An issue was discovered in the Linux kernel through 4.17.2.
Since the page allocator does not yield CPU resources to the owner of the
oom_lock mutex, a local unprivileged user can trivially lock up the system
forever by wasting CPU resources from the page allocator (e.g., via
concurrent page fault events) when the global OOM killer is invoked. NOTE:
the software maintainer has not accepted certain proposed patches, in part
because of a viewpoint that “the underlying problem is non-trivial to
handle.”

Notes

Author: tyhicks
Note: 9bfe5ded054b8e28a94c78580f233d6879a00146 may be an incomplete fix; see the lore.kernel.org references above. As of 2019-01-24, we’re deferring this issue since there’s not a complete, low risk fix available.
