PT-2017-12394 · Linux+5 · Linux Kernel+5

Vitaly Mayatskikh

·

Publicado

2017-10-12

·

Atualizado

2023-02-12

·

CVE-2017-12190

CVSS v3.1

6.5

Média

VetorAV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.13.8
Description The issue is related to unbalanced refcounting in the Linux kernel when handling SCSI I/O vectors with small consecutive buffers belonging to the same page. This occurs because the bio add pc page function merges these buffers into one, but the page reference is never dropped, leading to a memory leak. The memory leak can cause a system lockup due to an out-of-memory condition, which can be exploited by a guest OS user against the host OS if a SCSI disk is passed through to a virtual machine.
Recommendations For Linux kernel versions prior to 4.13.8, update to version 4.13.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of SCSI disks in virtual machines to minimize the risk of exploitation.

Correção

Missing Release of Resource after Effective Lifetime

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-772CWE-400

Identificadores relacionados

ALT-PU-2017-2467
ALT-PU-2018-1991
CESA-2018_1062
CESA-2018_1854
CVE-2017-12190
DLA-1200-1
MGASA-2017-0463
MGASA-2017-0466
MGASA-2017-0467
MGASA-2018-0062
MGASA-2018-0063
MGASA-2018-0064
RHSA-2018:0654
RHSA-2018:0676
RHSA-2018:1062
RHSA-2018:1854
RHSA-2018_0676
RHSA-2018_1062
RHSA-2018_1854
RHSA-2019:1170
RHSA-2019:1190
SUSE-SU-2018:0834-1
SUSE-SU-2018:0848-1
SUSE-SU-2018:1080-1
SUSE-SU-2018:1172-1
SUSE-SU-2018:1309-1
USN-3487-1
USN-3582-1
USN-3582-2
USN-3583-1
USN-3583-2

Produtos afetados

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu