Vulnerability Details : CVE-2017-18221
The __munlock_pagevec function in mm/mlock.c in the Linux kernel before 4.11.4 allows local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2017-18221
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-18221
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-18221
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
3.9
|
6.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2017-18221
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-18221
-
https://github.com/torvalds/linux/commit/70feee0e1ef331b22cc51f383d532a0d043fbdcc
mlock: fix mlock count can not decrease in race condition · torvalds/linux@70feee0 · GitHubPatch;Third Party Advisory
-
https://usn.ubuntu.com/3655-2/
USN-3655-2: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu security notices
-
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.4
Release Notes;Vendor Advisory
-
http://www.securityfocus.com/bid/103321
Linux Kernel 'mm/mlock.c' Local Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=70feee0e1ef331b22cc51f383d532a0d043fbdcc
kernel/git/torvalds/linux.git - Linux kernel source treePatch;Vendor Advisory
-
https://usn.ubuntu.com/3655-1/
USN-3655-1: Linux kernel vulnerabilities | Ubuntu security notices
Jump to