CVE-2016-10723

{"id": "CVE-2016-10723", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2018-06-21T13:29:00.210", "references": [{"url": "https://patchwork.kernel.org/patch/10395909/", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://patchwork.kernel.org/patch/9842889/", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.spinics.net/lists/linux-mm/msg117896.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that \"the underlying problem is non-trivial to handle."}, {"lang": "es", "value": "** EN DISPUTA ** Se ha descubierto un problema en el kernel de Linux hasta la versi\u00f3n 4.17.2. Debido a que el asignador de p\u00e1ginas no asigna recursos de la CPU al propietario del mutex oom_lock mutex, un usuario local sin privilegios puede bloquear el sistema para siempre malgastando recursos de la CPU del asignador de la p\u00e1gina (p.ej., mediante eventos concurrentes de error de p\u00e1gina) cuando se invoca al killer OOM global. NOTA: el mantenedor de software no ha aceptado ciertos parches propuestos, en parte debido que, seg\u00fan su punto de vista, \"el problema subyacente no es trivial de manejar\"."}], "lastModified": "2024-04-11T00:55:05.927", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7B1384E-833A-4422-A6B1-F80FB3EA20B6", "versionEndIncluding": "4.17.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}