FKIE_CVE-2018-1000200

Vulnerability from fkie_nvd - Published: 2018-06-05 13:29 - Updated: 2024-11-21 03:39
Severity ?
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process's final thread calling exit_mmap(), which calls munlock_vma_pages_all() for mlocked vmas.This can happen synchronously with the oom reaper's unmap_page_range() since the vma's VM_LOCKED bit is cleared before munlocking (to determine if any other vmas share the memory and are mlocked).
References
cve@mitre.orghttp://seclists.org/oss-sec/2018/q2/67Mailing List, Third Party Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/104397Third Party Advisory, VDB Entry
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2018:2948
cve@mitre.orghttps://access.redhat.com/security/cve/cve-2018-1000200Third Party Advisory
cve@mitre.orghttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27ae357fa82be5ab73b2ef8d39dcb8ca2563483aMitigation, Patch, Vendor Advisory
cve@mitre.orghttps://marc.info/?l=linux-kernel&m=152400522806945Mailing List, Third Party Advisory
cve@mitre.orghttps://marc.info/?l=linux-kernel&m=152460926619256Mailing List, Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/3752-1/
cve@mitre.orghttps://usn.ubuntu.com/3752-2/
cve@mitre.orghttps://usn.ubuntu.com/3752-3/
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/oss-sec/2018/q2/67Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/104397Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2948
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/security/cve/cve-2018-1000200Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27ae357fa82be5ab73b2ef8d39dcb8ca2563483aMitigation, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://marc.info/?l=linux-kernel&m=152400522806945Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://marc.info/?l=linux-kernel&m=152460926619256Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3752-1/
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3752-2/
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3752-3/
Impacted products
Vendor Product Version
linux linux_kernel 4.14
linux linux_kernel 4.15
linux linux_kernel 4.16
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "D31DCD50-805F-4CC6-9A98-2AC8BC224DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "380E55F5-238D-4FBB-8DB1-DB10EFC37CD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "A63F7D1D-EB47-48AE-B89E-E84A63579FA6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process\u0027s final thread calling exit_mmap(), which calls munlock_vma_pages_all() for mlocked vmas.This can happen synchronously with the oom reaper\u0027s unmap_page_range() since the vma\u0027s VM_LOCKED bit is cleared before munlocking (to determine if any other vmas share the memory and are mlocked)."
    },
    {
      "lang": "es",
      "value": "Las versiones 4.14, 4.15 y 4.16 del kernel de Linux tienen una desreferencia de puntero NULL que puede resultar en agotamiento de memoria (OOM), cerrando grandes procesos bloqueados. El problema surge del hilo final de un proceso finalizado por un OOM que llama a exit_mmap(), el cual llama a munlock_vma_pages_all() para mlocked vmas. Esto puede ocurrir en sincron\u00eda con el rango unmap_page_range() del oom reaper ya que el bit VM_LOCKED del vma se borra antes del munlocking (para determinar si otros vmas comparten la memoria y son bloqueados)."
    }
  ],
  "id": "CVE-2018-1000200",
  "lastModified": "2024-11-21T03:39:55.233",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-05T13:29:00.297",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/oss-sec/2018/q2/67"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104397"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://access.redhat.com/errata/RHSA-2018:2948"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/cve-2018-1000200"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27ae357fa82be5ab73b2ef8d39dcb8ca2563483a"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://marc.info/?l=linux-kernel\u0026m=152400522806945"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://marc.info/?l=linux-kernel\u0026m=152460926619256"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/3752-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/3752-2/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/3752-3/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/oss-sec/2018/q2/67"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2018:2948"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/cve-2018-1000200"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27ae357fa82be5ab73b2ef8d39dcb8ca2563483a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://marc.info/?l=linux-kernel\u0026m=152400522806945"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://marc.info/?l=linux-kernel\u0026m=152460926619256"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/3752-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/3752-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/3752-3/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.