Vulnetix
Try Vulnetix Request Demo
CVE-2018-1000200 PUBLISHED

The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process's final thread calling exit_mmap(), which calls munlock_vma_pages_all() for mlocked vmas.This can happen synchronously with the oom reaper's unmap_page_range() since the vma's VM_LOCKED bit is cleared before munlocking (to determine if any other vmas share the memory and are mlocked).

EPSS 0.08% · 24.4th percentile

Risk Scores

EPSS Score
0.08%
24.4th percentile

Affected Products

VendorProductVersions
Ubuntu:16.04:LTSlinux-hwe4.10.0-38.42~16.04.1, 0, 4.8.0-36.36~16.04.1
Ubuntu:18.04:LTSlinux-gcp4.15.0-1008.8, 4.15.0-1009.9, 4.15.0-1010.10
Ubuntu:18.04:LTSlinux-azure4.15.0-1009.9, 4.15.0-1003.3, 4.15.0-1002.2
Ubuntu:16.04:LTSlinux-azure4.15.0-1018.18~16.04.1, 4.15.0-1019.19~16.04.1, 4.15.0-1021.21~16.04.1
Ubuntu:18.04:LTSlinux-oem4.15.0-1002.3, 0, 4.15.0-1004.5
Ubuntu:18.04:LTSlinux4.13.0-25.29, 4.15.0-29.31, 4.15.0-30.32
Ubuntu:16.04:LTSlinux-gcp4.13.0-1013.17, 4.15.0-1017.18~16.04.1, 4.15.0-1015.15~16.04.1
Ubuntu:18.04:LTSlinux-raspi24.15.0-1018.19, 4.15.0-1020.22, 0
Ubuntu:18.04:LTSlinux-kvm4.15.0-1017.17, 4.15.0-1019.19, 4.15.0-1006.6
Ubuntu:18.04:LTSlinux-aws4.15.0-1006.6, 4.15.0-1003.3, 4.15.0-1001.1

Timeline

References

Open in Interactive Console →