CVE-2017-18232
First published: Thu Mar 15 2018(Updated: )
The Serial Attached SCSI (SAS) implementation in the Linux kernel mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code. An upstream patch: <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0558f33c06bb910e2879e355192227a8e8f0219d">https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0558f33c06bb910e2879e355192227a8e8f0219d</a>
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | <=4.15.9 | |
| ubuntu/linux | <4.16~ | 4.16~ |
| ubuntu/linux | <4.4.0-166.195 | 4.4.0-166.195 |
| ubuntu/linux-aws | <4.4.0-1056.60 | 4.4.0-1056.60 |
| ubuntu/linux-aws | <4.16~ | 4.16~ |
| ubuntu/linux-aws | <4.4.0-1096.107 | 4.4.0-1096.107 |
| ubuntu/linux-aws-hwe | <4.16~ | 4.16~ |
| ubuntu/linux-azure | <4.16~ | 4.16~ |
| ubuntu/linux-azure | <4.15.0-1013.13~16.04.2 | 4.15.0-1013.13~16.04.2 |
| ubuntu/linux-azure-edge | <4.16~ | 4.16~ |
| ubuntu/linux-azure-edge | <4.15.0-1013.13~16.04.2 | 4.15.0-1013.13~16.04.2 |
| ubuntu/linux-euclid | <4.16~ | 4.16~ |
| ubuntu/linux-flo | <4.16~ | 4.16~ |
| ubuntu/linux-gcp | <4.16~ | 4.16~ |
| ubuntu/linux-gcp | <4.15.0-1014.14~16.04.1 | 4.15.0-1014.14~16.04.1 |
| ubuntu/linux-gcp-edge | <4.16~ | 4.16~ |
| ubuntu/linux-gke | <4.16~ | 4.16~ |
| ubuntu/linux-gke-4.15 | <4.16~ | 4.16~ |
| ubuntu/linux-gke-5.0 | <4.16~ | 4.16~ |
| ubuntu/linux-goldfish | <4.16~ | 4.16~ |
| ubuntu/linux-grouper | <4.16~ | 4.16~ |
| ubuntu/linux-hwe | <4.16~ | 4.16~ |
| ubuntu/linux-hwe | <4.15.0-24.26~16.04.1 | 4.15.0-24.26~16.04.1 |
| ubuntu/linux-hwe-edge | <4.16~ | 4.16~ |
| ubuntu/linux-hwe-edge | <4.15.0-24.26~16.04.1 | 4.15.0-24.26~16.04.1 |
| ubuntu/linux-kvm | <4.16~ | 4.16~ |
| ubuntu/linux-kvm | <4.4.0-1060.67 | 4.4.0-1060.67 |
| ubuntu/linux-lts-trusty | <4.16~ | 4.16~ |
| ubuntu/linux-lts-utopic | <4.16~ | 4.16~ |
| ubuntu/linux-lts-vivid | <4.16~ | 4.16~ |
| ubuntu/linux-lts-wily | <4.16~ | 4.16~ |
| ubuntu/linux-lts-xenial | <4.4.0-166.195~14.04.1 | 4.4.0-166.195~14.04.1 |
| ubuntu/linux-lts-xenial | <4.16~ | 4.16~ |
| ubuntu/linux-maguro | <4.16~ | 4.16~ |
| ubuntu/linux-mako | <4.16~ | 4.16~ |
| ubuntu/linux-manta | <4.16~ | 4.16~ |
| ubuntu/linux-oem | <4.16~ | 4.16~ |
| ubuntu/linux-oracle | <4.16~ | 4.16~ |
| ubuntu/linux-raspi2 | <4.16~ | 4.16~ |
| ubuntu/linux-raspi2 | <4.4.0-1124.133 | 4.4.0-1124.133 |
| ubuntu/linux-snapdragon | <4.15.0-1053.57 | 4.15.0-1053.57 |
| ubuntu/linux-snapdragon | <4.16~ | 4.16~ |
| ubuntu/linux-snapdragon | <4.4.0-1128.136 | 4.4.0-1128.136 |
| debian/linux | 4.19.249-2 4.19.304-1 5.10.209-2 5.10.216-1 6.1.76-1 6.1.90-1 6.7.12-1 6.8.9-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0558f33c06bb910e2879e355192227a8e8f0219d
- http://www.securityfocus.com/bid/103423
- https://access.redhat.com/errata/RHSA-2018:3083
- https://access.redhat.com/errata/RHSA-2018:3096
- https://github.com/torvalds/linux/commit/0558f33c06bb910e2879e355192227a8e8f0219d
- https://usn.ubuntu.com/4163-1/
- https://usn.ubuntu.com/4163-2/
- https://www.debian.org/security/2018/dsa-4187
- https://launchpad.net/bugs/cve/CVE-2017-18232
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0558f33c06bb910e2879e355192227a8e8f0219d
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1558067
- https://bugzilla.redhat.com/show_bug.cgi?id=1558066
- https://git.kernel.org/linus/0558f33c06bb910e2879e355192227a8e8f0219d
- https://security-tracker.debian.org/tracker/CVE-2017-18232
- https://ubuntu.com/security/notices/USN-4163-1
- https://ubuntu.com/security/notices/USN-4163-2
- https://www.cve.org/CVERecord?id=CVE-2017-18232
- https://nvd.nist.gov/vuln/detail/CVE-2017-18232
- https://git.kernel.org/linus/87c8331fcf72e501c3a3c0cdc5c9391ec72f7cf2
- https://ubuntu.com/security/CVE-2017-18232
Frequently Asked Questions
What is the vulnerability ID of this security issue?
The vulnerability ID of this security issue is CVE-2017-18232.
What is the severity level of CVE-2017-18232?
CVE-2017-18232 has a severity level of low.
How does CVE-2017-18232 affect the Linux kernel?
CVE-2017-18232 affects the Linux kernel through version 4.15.9.
What is the impact of CVE-2017-18232?
CVE-2017-18232 can cause a denial of service (deadlock) by triggering certain error-handling code.
How can I fix CVE-2017-18232?
To fix CVE-2017-18232, update your Linux kernel to version 4.16 or higher.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-18232
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/description
- agent/severity
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- agent/references
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/4.15.9
- package-manager/ubuntu
- package-manager/debian