5.5

CVE-2018-1000200

The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process's final thread calling exit_mmap(), which calls munlock_vma_pages_all() for mlocked vmas.This can happen synchronously with the oom reaper's unmap_page_range() since the vma's VM_LOCKED bit is cleared before munlocking (to determine if any other vmas share the memory and are mlocked).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version4.14
LinuxLinux Kernel Version4.15
LinuxLinux Kernel Version4.16
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.08% 0.249
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

http://seclists.org/oss-sec/2018/q2/67
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/104397
Third Party Advisory
VDB Entry
https://marc.info/?l=linux-kernel&m=152400522806945
Third Party Advisory
Mailing List
https://marc.info/?l=linux-kernel&m=152460926619256
Third Party Advisory
Mailing List