CVSS2 | 4.9 Medium |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | COMPLETE |
Vector | AV:L/AC:L/Au:N/C:N/I:N/A:C |

CVSS3 | 5.5 Medium |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |
Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |

EPSS | 0.001 Low |
---|---|
Percentile | 20.9% |

DISPUTED An issue was discovered in the Linux kernel through 4.17.2.
Since the page allocator does not yield CPU resources to the owner of the
oom_lock mutex, a local unprivileged user can trivially lock up the system
forever by wasting CPU resources from the page allocator (e.g., via
concurrent page fault events) when the global OOM killer is invoked. NOTE:
the software maintainer has not accepted certain proposed patches, in part
because of a viewpoint that “the underlying problem is non-trivial to
handle.”
Author | Note |
---|---|
tyhicks | 9bfe5ded054b8e28a94c78580f233d6879a00146 may be an incomplete fix; see the lore.kernel.org references above. As of 2019-01-24, we’re deferring this issue since there’s not a complete, low risk fix available. |

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-gke | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux-gcp | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-gcp | < 5.0.0-1020.20~18.04.1 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-kvm | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-kvm | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-gcp-edge | < 5.0.0-1020.20~18.04.1 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws-hwe | < any | UNKNOWN |
launchpad.net/bugs/cve/CVE-2016-10723
lore.kernel.org/lkml/[email protected]/
lore.kernel.org/lkml/[email protected]/
nvd.nist.gov/vuln/detail/CVE-2016-10723
patchwork.kernel.org/patch/10395909/
patchwork.kernel.org/patch/9842889/
security-tracker.debian.org/tracker/CVE-2016-10723
www.cve.org/CVERecord?id=CVE-2016-10723
www.spinics.net/lists/linux-mm/msg117896.html