Denial of service in Linux Kernel

Published: 2018-05-16 13:33:33
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2018-1000200
CVSSv3 5.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CWE ID CWE-476
Exploitation vector Local
Public exploit Not available
Vulnerable software Linux kernel
Vulnerable software versions Linux kernel 4.16.8
Linux kernel 4.16.7
Linux kernel 4.16.6
Show more
Vendor URL Linux Foundation

Security Advisory

1) Null pointer dereference

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a flaw in the Linux kernel where an out of memory (oom) killing of a process that has large spans of mlocked memory. A local attacker can trigger NULL pointer dereference and cause the system to crash.

Remediation

Update to version 4.16.9.

External links

https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.9

Back to List