SB2018011407 - Memory corruption in Linux kernel mm
Published: January 14, 2018
Security Bulletin ID
SB2018011407
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory corruption (CVE-ID: CVE-2017-15128)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption error within the hugetlb_mcopy_atomic_pte() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.12
- https://github.com/torvalds/linux/commit/1e3921471354244f70fe268586ff94a97a6dd4df
- https://bugzilla.redhat.com/show_bug.cgi?id=1525222
- https://access.redhat.com/security/cve/CVE-2017-15128
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e3921471354244f70fe268586ff94a97a6dd4df