VDB
CVE-2016-10723
CVE-2016-10723
PUBLISHED
An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that "the underlying problem is non-trivial to handle.
EPSS 0.04% · 12.8th percentile
Risk Scores
EPSS Score
0.04%
12.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:22.04:LTS | linux-intel-iot-realtime | 5.15.0-1073.75, 0 |
| Ubuntu:Pro:16.04:LTS | linux-hwe | 4.15.0-76.86~16.04.1, 4.15.0-74.83~16.04.1, 4.15.0-72.81~16.04.1 |
| Ubuntu:Pro:18.04:LTS | linux | 4.15.0-216.227, 4.15.0-123.126, 4.15.0-124.127 |
| Ubuntu:Pro:18.04:LTS | linux-azure-4.15 | 4.15.0-1195.210, 4.15.0-1196.211, 4.15.0-1174.189 |
| Ubuntu:Pro:FIPS:18.04:LTS | linux-aws-fips | 4.15.0-2000.4, 0 |
| Ubuntu:Pro:16.04:LTS | linux-aws | 4.4.0-1035.44, 4.4.0-1079.89, 4.4.0-1159.174 |
| Ubuntu:Pro:FIPS:18.04:LTS | linux-azure-fips | 4.15.0-1002.2, 0 |
| Ubuntu:18.04:LTS | linux-gke-4.15 | 4.15.0-1041.43, 4.15.0-1034.36, 4.15.0-1036.38 |
| Ubuntu:22.04:LTS | linux-realtime | 0, 5.15.0-1032.35 |
| Ubuntu:24.04:LTS | linux-raspi-realtime | 6.8.0-2019.20, 0 |
| Ubuntu:Pro:14.04:LTS | linux-lts-xenial | *, 4.4.0-112.135~14.04.1, 4.4.0-119.143~14.04.1 |
| Ubuntu:Pro:FIPS-updates:18.04:LTS | linux-aws-fips | 4.15.0-2122.128, 4.15.0-2087.93, 4.15.0-2090.96 |
| Ubuntu:18.04:LTS | linux-gcp | 4.15.0-1032.34, 4.15.0-1018.19, 4.15.0-1019.20 |
| Ubuntu:Pro:16.04:LTS | linux-gcp | 4.15.0-1115.129~16.04.1, 0, 4.10.0-1004.4 |
| Ubuntu:Pro:16.04:LTS | linux | 4.4.0-78.99, 4.3.0-6.17, 4.4.0-165.193 |
| Ubuntu:Pro:FIPS:18.04:LTS | linux-gcp-fips | 4.15.0-1001.1, 0 |
| Ubuntu:Pro:16.04:LTS | linux-azure | 4.15.0-1153.168~16.04.1, 4.15.0-1151.166~16.04.1, 4.15.0-1149.164~16.04.1 |
| Ubuntu:Pro:14.04:LTS | linux | 3.13.0-175.226, 3.13.0-176.227, 3.13.0-180.231 |
| Ubuntu:Pro:14.04:LTS | linux-azure | 4.15.0-1163.178~14.04.1, *, * |
| Ubuntu:Pro:FIPS-updates:18.04:LTS | linux-fips | 4.15.0-1130.141, 4.15.0-1110.121, 4.15.0-1111.122 |
…and 16 more
Exploit Intelligence
Timeline
- Jun 21, 2018 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-10723 third-party-advisory
- https://patchwork.kernel.org/patch/10395909/ third-party-advisory
- https://patchwork.kernel.org/patch/9842889/ third-party-advisory
- https://www.spinics.net/lists/linux-mm/msg117896.html third-party-advisory
- https://lore.kernel.org/lkml/cb2d635c-c14d-c2cc-868a-d4c447364f0d@i-love.sakura.ne.jp/ third-party-advisory
- https://lore.kernel.org/lkml/195a512f-aecc-f8cf-f409-6c42ee924a8c@i-love.sakura.ne.jp/ third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2016-10723 third-party-advisory