First published: Thu Mar 15 2018(Updated: )
The Serial Attached SCSI (SAS) implementation in the Linux kernel mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code. An upstream patch: <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0558f33c06bb910e2879e355192227a8e8f0219d">https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0558f33c06bb910e2879e355192227a8e8f0219d</a>
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | <=4.15.9 | |
ubuntu/linux | <4.16~ | 4.16~ |
ubuntu/linux | <4.4.0-166.195 | 4.4.0-166.195 |
ubuntu/linux-aws | <4.4.0-1056.60 | 4.4.0-1056.60 |
ubuntu/linux-aws | <4.16~ | 4.16~ |
ubuntu/linux-aws | <4.4.0-1096.107 | 4.4.0-1096.107 |
ubuntu/linux-aws-hwe | <4.16~ | 4.16~ |
ubuntu/linux-azure | <4.16~ | 4.16~ |
ubuntu/linux-azure | <4.15.0-1013.13~16.04.2 | 4.15.0-1013.13~16.04.2 |
ubuntu/linux-azure-edge | <4.16~ | 4.16~ |
ubuntu/linux-azure-edge | <4.15.0-1013.13~16.04.2 | 4.15.0-1013.13~16.04.2 |
ubuntu/linux-euclid | <4.16~ | 4.16~ |
ubuntu/linux-flo | <4.16~ | 4.16~ |
ubuntu/linux-gcp | <4.16~ | 4.16~ |
ubuntu/linux-gcp | <4.15.0-1014.14~16.04.1 | 4.15.0-1014.14~16.04.1 |
ubuntu/linux-gcp-edge | <4.16~ | 4.16~ |
ubuntu/linux-gke | <4.16~ | 4.16~ |
ubuntu/linux-gke-4.15 | <4.16~ | 4.16~ |
ubuntu/linux-gke-5.0 | <4.16~ | 4.16~ |
ubuntu/linux-goldfish | <4.16~ | 4.16~ |
ubuntu/linux-grouper | <4.16~ | 4.16~ |
ubuntu/linux-hwe | <4.16~ | 4.16~ |
ubuntu/linux-hwe | <4.15.0-24.26~16.04.1 | 4.15.0-24.26~16.04.1 |
ubuntu/linux-hwe-edge | <4.16~ | 4.16~ |
ubuntu/linux-hwe-edge | <4.15.0-24.26~16.04.1 | 4.15.0-24.26~16.04.1 |
ubuntu/linux-kvm | <4.16~ | 4.16~ |
ubuntu/linux-kvm | <4.4.0-1060.67 | 4.4.0-1060.67 |
ubuntu/linux-lts-trusty | <4.16~ | 4.16~ |
ubuntu/linux-lts-utopic | <4.16~ | 4.16~ |
ubuntu/linux-lts-vivid | <4.16~ | 4.16~ |
ubuntu/linux-lts-wily | <4.16~ | 4.16~ |
ubuntu/linux-lts-xenial | <4.4.0-166.195~14.04.1 | 4.4.0-166.195~14.04.1 |
ubuntu/linux-lts-xenial | <4.16~ | 4.16~ |
ubuntu/linux-maguro | <4.16~ | 4.16~ |
ubuntu/linux-mako | <4.16~ | 4.16~ |
ubuntu/linux-manta | <4.16~ | 4.16~ |
ubuntu/linux-oem | <4.16~ | 4.16~ |
ubuntu/linux-oracle | <4.16~ | 4.16~ |
ubuntu/linux-raspi2 | <4.16~ | 4.16~ |
ubuntu/linux-raspi2 | <4.4.0-1124.133 | 4.4.0-1124.133 |
ubuntu/linux-snapdragon | <4.15.0-1053.57 | 4.15.0-1053.57 |
ubuntu/linux-snapdragon | <4.16~ | 4.16~ |
ubuntu/linux-snapdragon | <4.4.0-1128.136 | 4.4.0-1128.136 |
debian/linux | 4.19.249-2 4.19.304-1 5.10.209-2 5.10.216-1 6.1.76-1 6.1.90-1 6.7.12-1 6.8.9-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this security issue is CVE-2017-18232.
CVE-2017-18232 has a severity level of low.
CVE-2017-18232 affects the Linux kernel through version 4.15.9.
CVE-2017-18232 can cause a denial of service (deadlock) by triggering certain error-handling code.
To fix CVE-2017-18232, update your Linux kernel to version 4.16 or higher.