Vulnerability Description
An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that "the underlying problem is non-trivial to handle.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | <= 4.17.2 |
Related Weaknesses (CWE)
References
- https://patchwork.kernel.org/patch/10395909/Issue TrackingVendor Advisory
- https://patchwork.kernel.org/patch/9842889/Issue TrackingVendor Advisory
- https://www.spinics.net/lists/linux-mm/msg117896.htmlMailing ListThird Party Advisory
- https://patchwork.kernel.org/patch/10395909/Issue TrackingVendor Advisory
- https://patchwork.kernel.org/patch/9842889/Issue TrackingVendor Advisory
- https://www.spinics.net/lists/linux-mm/msg117896.htmlMailing ListThird Party Advisory
FAQ
What is CVE-2016-10723?
CVE-2016-10723 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up th...
How severe is CVE-2016-10723?
CVE-2016-10723 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-10723?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.