CVE-2017-18202
PUBLISHED
The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel before 4.14.4 mishandles gather operations, which allows attackers to cause a denial of service (TLB entry leak or use-after-free) or possibly have unspecified other impact by triggering a copy_to_user call within a certain time window.
Risk Scores
- EPSS Score: 0.10% (27.4th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | linux-azure | 0, 4.11.0-1011.11, 4.11.0-1013.13 |
| Ubuntu:16.04:LTS | linux-gcp | 0, 4.10.0-1006.6, 4.10.0-1007.7 |
| Ubuntu:16.04:LTS | linux-hwe | *, 0, * |
Exploit Intelligence
- Exploit for TSIG bypass vulnerabilities in Bind (CVE-2017-3143) and Knot DNS (CVE-2017-11104) (github-poc)
- POCs for CVE-2017-13672 (OOB read in VGA Cirrus QEMU driver, causing DoS) (github-poc)
…and 65 more exploits
Timeline
- Feb 27, 2018 CVE Published
- Sep 27, 2018 PoC Published
- Oct 1, 2018 PoC Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- May 14, 2022 CVE Updated
References
- https://ubuntu.com/security/CVE-2017-18202 (third-party-advisory)
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=687cb0884a714ff484d038e9190edc874edcf146 (third-party-advisory)
- https://github.com/torvalds/linux/commit/687cb0884a714ff484d038e9190edc874edcf146 (third-party-advisory)
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.4 (third-party-advisory)
- https://www.cve.org/CVERecord?id=CVE-2017-18202 (third-party-advisory)