{"containers": {"cna": {"affected": [{"product": "Linux kernel through v4.14-rc5", "vendor": "n/a", "versions": [{"status": "affected", "version": "Linux kernel through v4.14-rc5"}]}], "datePublic": "2017-11-22T00:00:00", "descriptions": [{"lang": "en", "value": "The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-11-13T02:06:45", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058"}, {"name": "101911", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101911"}, {"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"}, {"name": "USN-3583-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3583-2/"}, {"name": "RHSA-2018:1854", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1854"}, {"name": "USN-3582-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3582-1/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95d78c28b5a85bacbc29b8dba7c04babb9b0d467"}, {"name": "RHSA-2018:1062", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1062"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/95d78c28b5a85bacbc29b8dba7c04babb9b0d467"}, {"name": "RHSA-2018:0654", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0654"}, {"name": "USN-3583-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3583-1/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495089"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://seclists.org/oss-sec/2017/q4/52"}, {"name": "RHSA-2018:0676", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0676"}, {"name": "USN-3582-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3582-2/"}, {"name": "RHSA-2019:1170", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1170"}, {"name": "RHSA-2019:1190", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1190"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K93472064?utm_source=f5support&amp%3Butm_medium=RSS"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:28:16.645Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058"}, {"name": "101911", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/101911"}, {"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"}, {"name": "USN-3583-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3583-2/"}, {"name": "RHSA-2018:1854", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:1854"}, {"name": "USN-3582-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3582-1/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95d78c28b5a85bacbc29b8dba7c04babb9b0d467"}, {"name": "RHSA-2018:1062", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:1062"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/95d78c28b5a85bacbc29b8dba7c04babb9b0d467"}, {"name": "RHSA-2018:0654", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0654"}, {"name": "USN-3583-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3583-1/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495089"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://seclists.org/oss-sec/2017/q4/52"}, {"name": "RHSA-2018:0676", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0676"}, {"name": "USN-3582-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3582-2/"}, {"name": "RHSA-2019:1170", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1170"}, {"name": "RHSA-2019:1190", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1190"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K93472064?utm_source=f5support&amp%3Butm_medium=RSS"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-12190", "datePublished": "2017-11-22T18:00:00", "dateReserved": "2017-08-01T00:00:00", "dateUpdated": "2024-08-05T18:28:16.645Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "11C6B206-8716-4A16-81BD-F3B8C8ACBE19", "versionEndIncluding": "4.13.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition."}, {"lang": "es", "value": "Las funciones bio_map_user_iov y bio_unmap_user en block/bio.c en el kernel de Linux en versiones anteriores a la 4.13.8 realizan un refcount no equilibrado cuando un vector SCSI I/O tiene b\u00faferes peque\u00f1os consecutivos que pertenecen a la misma p\u00e1gina. La funci\u00f3n bio_add_pc_page los combina en uno solo, pero la referencia de la p\u00e1gina nunca se anula. Esto provoca una fuga de memoria y un posible bloqueo del sistema (explotable contra el host del sistema operativo por un usuario invitado del sistema operativo, si se pasa un disco SCSI a una m\u00e1quina virtual) debido a una condici\u00f3n de falta de memoria."}], "id": "CVE-2017-12190", "lastModified": "2023-02-12T23:27:30.660", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-22T18:29:00.477", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95d78c28b5a85bacbc29b8dba7c04babb9b0d467"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/oss-sec/2017/q4/52"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101911"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2018:0654"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2018:0676"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2018:1062"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2018:1854"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2019:1170"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2019:1190"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495089"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/95d78c28b5a85bacbc29b8dba7c04babb9b0d467"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"}, {"source": "secalert@redhat.com", "url": "https://support.f5.com/csp/article/K93472064?utm_source=f5support&amp%3Butm_medium=RSS"}, {"source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/3582-1/"}, {"source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/3582-2/"}, {"source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/3583-1/"}, {"source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/3583-2/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-772"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Vitaly Mayatskih for reporting this issue.", "affected_release": [{"advisory": "RHSA-2018:1854", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-754.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2018-06-19T00:00:00Z"}, {"advisory": "RHSA-2018:0676", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-862.rt56.804.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2018-04-10T00:00:00Z"}, {"advisory": "RHSA-2018:0654", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-alt-0:4.14.0-49.el7a", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2018-04-10T00:00:00Z"}, {"advisory": "RHSA-2018:1062", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-862.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2018-04-10T00:00:00Z"}, {"advisory": "RHSA-2019:1170", "cpe": "cpe:/o:redhat:rhel_eus:7.4", "package": "kernel-0:3.10.0-693.47.2.el7", "product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1190", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2019-05-14T00:00:00Z"}], "bugzilla": {"description": "kernel: memory leak when merging buffers in SCSI IO vectors", "id": "1495089", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495089"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.2", "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-400", "details": ["The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition.", "It was found that in the Linux kernel through v4.14-rc5, bio_map_user_iov() and bio_unmap_user() in 'block/bio.c' do unbalanced pages refcounting if IO vector has small consecutive buffers belonging to the same page. bio_add_pc_page() merges them into one, but the page reference is never dropped, causing a memory leak and possible system lockup due to out-of-memory condition."], "name": "CVE-2017-12190", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2017-09-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-12190\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12190"], "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This is not currently planned to be addressed in future updates of the product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future updates for the respective releases may address this issue.", "threat_severity": "Moderate"}