{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "dateAssigned": "2018-04-17T00:00:00", "datePublic": "2018-04-24T00:00:00", "descriptions": [{"lang": "en", "value": "The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process's final thread calling exit_mmap(), which calls munlock_vma_pages_all() for mlocked vmas.This can happen synchronously with the oom reaper's unmap_page_range() since the vma's VM_LOCKED bit is cleared before munlocking (to determine if any other vmas share the memory and are mlocked)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-31T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "USN-3752-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3752-2/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27ae357fa82be5ab73b2ef8d39dcb8ca2563483a"}, {"name": "USN-3752-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3752-3/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://access.redhat.com/security/cve/cve-2018-1000200"}, {"name": "[linux-kernel] 20180424 [patch v3 for-4.17] mm, oom: fix concurrent munlock and oom reaper unmap", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://marc.info/?l=linux-kernel&m=152460926619256"}, {"name": "RHSA-2018:2948", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:2948"}, {"name": "104397", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104397"}, {"name": "[linux-kernel] 20180417 [patch] mm, oom: fix concurrent munlock and oom reaper unmap", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://marc.info/?l=linux-kernel&m=152400522806945"}, {"name": "USN-3752-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3752-1/"}, {"name": "[oss-security] 20180424 CVE-2018-1000200 (Linux): Bad memory access on oom kill of large mlocked process", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2018/q2/67"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2018-04-17T12:00:00", "DATE_REQUESTED": "2018-04-17T14:00:00", "ID": "CVE-2018-1000200", "REQUESTER": "rientjes@google.com", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process's final thread calling exit_mmap(), which calls munlock_vma_pages_all() for mlocked vmas.This can happen synchronously with the oom reaper's unmap_page_range() since the vma's VM_LOCKED bit is cleared before munlocking (to determine if any other vmas share the memory and are mlocked)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-3752-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3752-2/"}, {"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27ae357fa82be5ab73b2ef8d39dcb8ca2563483a", "refsource": "CONFIRM", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27ae357fa82be5ab73b2ef8d39dcb8ca2563483a"}, {"name": "USN-3752-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3752-3/"}, {"name": "https://access.redhat.com/security/cve/cve-2018-1000200", "refsource": "CONFIRM", "url": "https://access.redhat.com/security/cve/cve-2018-1000200"}, {"name": "[linux-kernel] 20180424 [patch v3 for-4.17] mm, oom: fix concurrent munlock and oom reaper unmap", "refsource": "MLIST", "url": "https://marc.info/?l=linux-kernel&m=152460926619256"}, {"name": "RHSA-2018:2948", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2948"}, {"name": "104397", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104397"}, {"name": "[linux-kernel] 20180417 [patch] mm, oom: fix concurrent munlock and oom reaper unmap", "refsource": "MLIST", "url": "https://marc.info/?l=linux-kernel&m=152400522806945"}, {"name": "USN-3752-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3752-1/"}, {"name": "[oss-security] 20180424 CVE-2018-1000200 (Linux): Bad memory access on oom kill of large mlocked process", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2018/q2/67"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:40:46.712Z"}, "title": "CVE Program Container", "references": [{"name": "USN-3752-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3752-2/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27ae357fa82be5ab73b2ef8d39dcb8ca2563483a"}, {"name": "USN-3752-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3752-3/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://access.redhat.com/security/cve/cve-2018-1000200"}, {"name": "[linux-kernel] 20180424 [patch v3 for-4.17] mm, oom: fix concurrent munlock and oom reaper unmap", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://marc.info/?l=linux-kernel&m=152460926619256"}, {"name": "RHSA-2018:2948", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:2948"}, {"name": "104397", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/104397"}, {"name": "[linux-kernel] 20180417 [patch] mm, oom: fix concurrent munlock and oom reaper unmap", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://marc.info/?l=linux-kernel&m=152400522806945"}, {"name": "USN-3752-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3752-1/"}, {"name": "[oss-security] 20180424 CVE-2018-1000200 (Linux): Bad memory access on oom kill of large mlocked process", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2018/q2/67"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-1000200", "datePublished": "2018-06-05T13:00:00", "dateReserved": "2018-04-17T00:00:00", "dateUpdated": "2024-08-05T12:40:46.712Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:4.14:*:*:*:*:*:*:*", "matchCriteriaId": "D31DCD50-805F-4CC6-9A98-2AC8BC224DF6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.15:*:*:*:*:*:*:*", "matchCriteriaId": "380E55F5-238D-4FBB-8DB1-DB10EFC37CD0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.16:*:*:*:*:*:*:*", "matchCriteriaId": "A63F7D1D-EB47-48AE-B89E-E84A63579FA6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process's final thread calling exit_mmap(), which calls munlock_vma_pages_all() for mlocked vmas.This can happen synchronously with the oom reaper's unmap_page_range() since the vma's VM_LOCKED bit is cleared before munlocking (to determine if any other vmas share the memory and are mlocked)."}, {"lang": "es", "value": "Las versiones 4.14, 4.15 y 4.16 del kernel de Linux tienen una desreferencia de puntero NULL que puede resultar en agotamiento de memoria (OOM), cerrando grandes procesos bloqueados. El problema surge del hilo final de un proceso finalizado por un OOM que llama a exit_mmap(), el cual llama a munlock_vma_pages_all() para mlocked vmas. Esto puede ocurrir en sincron\u00eda con el rango unmap_page_range() del oom reaper ya que el bit VM_LOCKED del vma se borra antes del munlocking (para determinar si otros vmas comparten la memoria y son bloqueados)."}], "id": "CVE-2018-1000200", "lastModified": "2018-10-31T10:30:41.480", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-05T13:29:00.297", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/oss-sec/2018/q2/67"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104397"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2018:2948"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/cve-2018-1000200"}, {"source": "cve@mitre.org", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27ae357fa82be5ab73b2ef8d39dcb8ca2563483a"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://marc.info/?l=linux-kernel&m=152400522806945"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://marc.info/?l=linux-kernel&m=152460926619256"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3752-1/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3752-2/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3752-3/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank David Rientjes (Google) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2018:2948", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-alt-0:4.14.0-115.el7a", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2018-10-30T00:00:00Z"}], "bugzilla": {"description": "kernel: NULL pointer dereference on OOM kill of large mlocked process", "id": "1568744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568744"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process's final thread calling exit_mmap(), which calls munlock_vma_pages_all() for mlocked vmas.This can happen synchronously with the oom reaper's unmap_page_range() since the vma's VM_LOCKED bit is cleared before munlocking (to determine if any other vmas share the memory and are mlocked).", "A flaw was found in the Linux kernel where an out of memory (oom) killing of a process that has large spans of mlocked memory can result in deferencing a NULL pointer, leading to denial of service."], "name": "CVE-2018-1000200", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2018-04-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-1000200\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000200"], "threat_severity": "Moderate"}