Veracode Vulnerability DatabaseVERACODE:19508Denial Of Service (DoS)
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
Linux kernel is vulnerable to denial of service(DoS) attacks. A local user could exploit a flaw in the madvise_willneed function in mm/madvise.c to cause application crash by triggering use of MADVISE_WILLNEED for a DAX mapping.
References
git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91
access.redhat.com/articles/3553061
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index
access.redhat.com/errata/RHSA-2018:2948
access.redhat.com/errata/RHSA-2018:3083
access.redhat.com/errata/RHSA-2018:3096
access.redhat.com/security/cve/CVE-2017-18360
access.redhat.com/security/cve/CVE-2018-18690
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1322930
bugzilla.redhat.com/show_bug.cgi?id=1488484
bugzilla.redhat.com/show_bug.cgi?id=1504058
bugzilla.redhat.com/show_bug.cgi?id=1507027
bugzilla.redhat.com/show_bug.cgi?id=1542494
bugzilla.redhat.com/show_bug.cgi?id=1557434
bugzilla.redhat.com/show_bug.cgi?id=1557599
bugzilla.redhat.com/show_bug.cgi?id=1558328
bugzilla.redhat.com/show_bug.cgi?id=1561162
bugzilla.redhat.com/show_bug.cgi?id=1563697
bugzilla.redhat.com/show_bug.cgi?id=1564186
bugzilla.redhat.com/show_bug.cgi?id=1568167
bugzilla.redhat.com/show_bug.cgi?id=1572983
bugzilla.redhat.com/show_bug.cgi?id=1584775
bugzilla.redhat.com/show_bug.cgi?id=1592654
bugzilla.redhat.com/show_bug.cgi?id=1609717
github.com/torvalds/linux/commit/6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91
usn.ubuntu.com/3619-1/
usn.ubuntu.com/3619-2/
usn.ubuntu.com/3653-1/
usn.ubuntu.com/3653-2/
usn.ubuntu.com/3655-1/
usn.ubuntu.com/3655-2/
usn.ubuntu.com/3657-1/
www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.4
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C