UBUNTU-CVE-2017-18221

Details

The __munlock_pagevec function in mm/mlock.c in the Linux kernel before 4.11.4 allows local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls.

Affected Packages(16 packages)

linux-lts-xenial

Ubuntu 14.04 LTS

Fixed in:

4.4.0-87.110~14.04.1

linux

Ubuntu 16.04 LTS

Fixed in:

4.4.0-87.110

linux-aws

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1026.35

linux-gcp

Ubuntu 16.04 LTS

Fixed in:

4.13.0-1002.5

linux-gke

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1022.22

linux-hwe

Ubuntu 16.04 LTS

Fixed in:

4.13.0-32.35~16.04.1

linux-raspi2

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1065.73

linux-snapdragon

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1067.72

linux-azure-fde

Ubuntu 20.04 LTS

Affected versions:

5.4.0-1063.66+cvm2.25.4.0-1063.66+cvm3.25.4.0-1064.67+cvm1.15.4.0-1065.68+cvm2.15.4.0-1067.70+cvm1.15.4.0-1068.71+cvm1.15.4.0-1069.72+cvm1.15.4.0-1070.73+cvm1.15.4.0-1072.75+cvm1.15.4.0-1073.76+cvm1.1+16 more

linux-gke

Ubuntu 20.04 LTS

Affected versions:

5.4.0-1033.355.4.0-1035.375.4.0-1036.385.4.0-1037.395.4.0-1039.415.4.0-1041.435.4.0-1042.445.4.0-1043.455.4.0-1044.465.4.0-1046.48+41 more

References

REPORT

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=70feee0e1ef331b22cc51f383d532a0d043fbdcc

REPORT

https://github.com/torvalds/linux/commit/70feee0e1ef331b22cc51f383d532a0d043fbdcc

REPORT

https://ubuntu.com/security/CVE-2017-18221

ADVISORY

https://ubuntu.com/security/notices/USN-3655-1

ADVISORY

https://ubuntu.com/security/notices/USN-3655-2

REPORT

https://www.cve.org/CVERecord?id=CVE-2017-18221

REPORT

https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.4