Lucene search

K
ubuntucveUbuntu.comUB:CVE-2018-1000200
HistoryApr 23, 2018 - 12:00 a.m.

CVE-2018-1000200

2018-04-2300:00:00
ubuntu.com
ubuntu.com
24

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

26.7%

The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer
dereference which can result in an out of memory (OOM) killing of large
mlocked processes. The issue arises from an oom killed process’s final
thread calling exit_mmap(), which calls munlock_vma_pages_all() for mlocked
vmas.This can happen synchronously with the oom reaper’s unmap_page_range()
since the vma’s VM_LOCKED bit is cleared before munlocking (to determine if
any other vmas share the memory and are mlocked).

Notes

Author Note
tyhicks Proposed fix (v2): https://marc.info/?l=linux-kernel&m=152401997210084&w=2 Proposed fix (v3): https://marc.info/?l=linux-kernel&m=152460926619256
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-33.36UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1020.20UNKNOWN
ubuntu18.04noarchlinux-azure< 4.15.0-1022.23UNKNOWN
ubuntu16.04noarchlinux-azure< 4.15.0-1022.22~16.04.1UNKNOWN
ubuntu16.04noarchlinux-azure-edge< 4.15.0-1022.23UNKNOWN
ubuntu18.04noarchlinux-gcp< 4.15.0-1018.19UNKNOWN
ubuntu16.04noarchlinux-gcp< 4.15.0-1018.19~16.04.2UNKNOWN
ubuntu16.04noarchlinux-hwe< 4.15.0-33.36~16.04.1UNKNOWN
ubuntu16.04noarchlinux-hwe-edge< 4.15.0-33.36~16.04.1UNKNOWN
ubuntu18.04noarchlinux-kvm< 4.15.0-1020.20UNKNOWN
Rows per page:
1-10 of 121

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

26.7%