5.5

CVE-2018-1000200

The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process's final thread calling exit_mmap(), which calls munlock_vma_pages_all() for mlocked vmas.This can happen synchronously with the oom reaper's unmap_page_range() since the vma's VM_LOCKED bit is cleared before munlocking (to determine if any other vmas share the memory and are mlocked).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version4.14
LinuxLinux Kernel Version4.15
LinuxLinux Kernel Version4.16
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.49% 0.383
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://access.redhat.com/errata/RHSA-2018:2948
https://usn.ubuntu.com/3752-1/
https://usn.ubuntu.com/3752-2/
https://usn.ubuntu.com/3752-3/
http://seclists.org/oss-sec/2018/q2/67
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/104397
Third Party Advisory
VDB Entry
https://access.redhat.com/security/cve/cve-2018-1000200
Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27ae357fa82be5ab73b2ef8d39dcb8ca2563483a
Patch
Vendor Advisory
Mitigation
https://marc.info/?l=linux-kernel&m=152400522806945
Third Party Advisory
Mailing List
https://marc.info/?l=linux-kernel&m=152460926619256
Third Party Advisory
Mailing List