First published: Wed Apr 18 2018
It was found that out of memory (OOM) killing a process that has large spans of mlocked memory can result in dereferencing a NULL pointer, leading to denial of service. The issue arises from an OOM-killed process's final thread calling exit_mmap(), which calls munlock_vma_pages_all() for mlocked vmas. This can happen synchronously with the oom reaper's unmap_page_range() since the vma's VM_LOCKED bit is cleared before munlocking (to determine if any other vmas share the memory and are mlocked).

References:
https://marc.info/?l=linux-kernel&m=152400522806945
https://marc.info/?l=linux-kernel&m=152460926619256
http://seclists.org/oss-sec/2018/q2/67

Introduced by: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=212925802454672e6cd2949a727f5e2c1377bf06

An upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27ae357fa82be5ab73b2ef8d39dcb8ca2563483a

Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | =4.14 | |
Linux Linux kernel | =4.15 | |
Linux Linux kernel | =4.16 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.106-3 6.1.112-1 6.11.4-1 6.11.5-1 |
The vulnerability ID for this Linux Kernel vulnerability is CVE-2018-1000200.
The severity level of CVE-2018-1000200 is medium.
CVE-2018-1000200 can result in a NULL pointer dereference, leading to denial of service, when a process with large spans of mlocked memory is out of memory (OOM) killed.
Linux Kernel versions 4.14, 4.15, and 4.16 are affected by CVE-2018-1000200.
Ubuntu provides several packages with remedies for CVE-2018-1000200, such as linux-lts-wily, linux-lts-xenial, linux-aws, linux-hwe, linux-hwe-edge, linux-gke, linux-azure, linux-gcp, linux-kvm, linux-euclid, linux-azure-edge, linux, linux-flo, linux-goldfish, linux-grouper, linux-lts-trusty, linux-lts-utopic, linux-lts-vivid, linux-maguro, linux-mako, linux-manta, linux-oem, linux-raspi2, and linux-snapdragon.
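
A host-side exposure check for the condition described above, as an added example that is not part of the original advisory: it flags kernels in the listed upstream series and inventories processes holding mlocked memory through the VmLck field of /proc/<pid>/status. The 64 MiB threshold, the function names and the sample status excerpts are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Upstream series the advisory lists as affected. Distro kernels backport
# fixes, so a match means "check the vendor advisory", not "vulnerable".
AFFECTED_SERIES = {(4, 14), (4, 15), (4, 16)}
THRESHOLD_KB = 64 * 1024  # assumption: the page does not quantify "large"

# Constructed /proc/<pid>/status excerpts (not captured from a real host).
SAMPLE_DB = "Name:\tdbserver\nPid:\t4242\nVmLck:\t 2097152 kB\n"
SAMPLE_SH = "Name:\tbash\nPid:\t100\nVmLck:\t       0 kB\n"
SAMPLE_KTHREAD = "Name:\tkworker/0:1\nPid:\t17\n"  # kernel threads have no VmLck

def upstream_series_affected(release):
    """True if a `uname -r` string is in a listed upstream series."""
    m = re.match(r"(\d+)\.(\d+)", release)
    return bool(m) and (int(m.group(1)), int(m.group(2))) in AFFECTED_SERIES

def parse_status(text):
    """Return (process name, mlocked kB) from /proc/<pid>/status text."""
    fields = dict(l.split(":", 1) for l in text.splitlines() if ":" in l)
    name = fields.get("Name", "?").strip()
    return name, int(fields.get("VmLck", "0 kB").split()[0])

def mlocked_over(status_texts, threshold_kb=THRESHOLD_KB):
    """Processes whose VmLck is at or above the threshold, largest first."""
    hits = [p for p in map(parse_status, status_texts) if p[1] >= threshold_kb]
    return sorted(hits, key=lambda p: p[1], reverse=True)

def read_live_status():
    """Yield status text for every live PID, skipping ones that exit mid-scan."""
    for path in Path("/proc").glob("[0-9]*/status"):
        try:
            yield path.read_text()
        except OSError:  # process exited or access denied
            continue

if __name__ == "__main__":
    release = Path("/proc/sys/kernel/osrelease").read_text().strip()
    print(f"kernel {release}: listed series = {upstream_series_affected(release)}")
    for name, kb in mlocked_over(read_live_status()):
        print(f"{name}: {kb} kB mlocked")
```

Run it as root to see VmLck for processes owned by other users; a kernel in a listed series plus large mlocked processes on a memory-constrained host is the combination to prioritise for patching.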