CVE-2018-1000200

{"id": "CVE-2018-1000200", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2018-06-05T13:29:00.297", "references": [{"url": "http://seclists.org/oss-sec/2018/q2/67", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/104397", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2018:2948", "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/security/cve/cve-2018-1000200", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27ae357fa82be5ab73b2ef8d39dcb8ca2563483a", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://marc.info/?l=linux-kernel&m=152400522806945", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://marc.info/?l=linux-kernel&m=152460926619256", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3752-1/", "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3752-2/", "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3752-3/", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process's final thread calling exit_mmap(), which calls munlock_vma_pages_all() for mlocked vmas.This can happen synchronously with the oom reaper's unmap_page_range() since the vma's VM_LOCKED bit is cleared before munlocking (to determine if any other vmas share the memory and are mlocked)."}, {"lang": "es", "value": "Las versiones 4.14, 4.15 y 4.16 del kernel de Linux tienen una desreferencia de puntero NULL que puede resultar en agotamiento de memoria (OOM), cerrando grandes procesos bloqueados. El problema surge del hilo final de un proceso finalizado por un OOM que llama a exit_mmap(), el cual llama a munlock_vma_pages_all() para mlocked vmas. Esto puede ocurrir en sincron\u00eda con el rango unmap_page_range() del oom reaper ya que el bit VM_LOCKED del vma se borra antes del munlocking (para determinar si otros vmas comparten la memoria y son bloqueados)."}], "lastModified": "2018-10-31T10:30:41.480", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:4.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D31DCD50-805F-4CC6-9A98-2AC8BC224DF6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "380E55F5-238D-4FBB-8DB1-DB10EFC37CD0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A63F7D1D-EB47-48AE-B89E-E84A63579FA6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}