Vulnerability Description
The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel before 4.14.4 mishandles gather operations, which allows attackers to cause a denial of service (TLB entry leak or use-after-free) or possibly have unspecified other impact by triggering a copy_to_user call within a certain time window.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 4.6, < 4.9.68 |
Related Weaknesses (CWE)
References
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=687cb0 (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/103161 (Third Party Advisory, VDB Entry)
- https://access.redhat.com/errata/RHSA-2018:2772 (Third Party Advisory)
- https://github.com/torvalds/linux/commit/687cb0884a714ff484d038e9190edc874edcf14 (Patch, Third Party Advisory)
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.4 (Vendor Advisory)
FAQ
What is CVE-2017-18202?
CVE-2017-18202 is a vulnerability with a CVSS score of 7.0 (HIGH). The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel before 4.14.4 mishandles gather operations, which allows attackers to cause a denial of service (TLB entry leak or use-after-free) ...
How severe is CVE-2017-18202?
CVE-2017-18202 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-18202?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.