CVE-2017-12190

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95d78c28b5a85bacbc29b8dba7c04babb9b0d467

http://seclists.org/oss-sec/2017/q4/52

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8

http://www.securityfocus.com/bid/101911

https://access.redhat.com/errata/RHSA-2018:0654

https://access.redhat.com/errata/RHSA-2018:0676

https://access.redhat.com/errata/RHSA-2018:1062

https://access.redhat.com/errata/RHSA-2018:1854

https://access.redhat.com/errata/RHSA-2019:1170

https://access.redhat.com/errata/RHSA-2019:1190

https://bugzilla.redhat.com/show_bug.cgi?id=1495089

https://github.com/torvalds/linux/commit/2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058

https://github.com/torvalds/linux/commit/95d78c28b5a85bacbc29b8dba7c04babb9b0d467

https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html

https://usn.ubuntu.com/3582-1/

https://usn.ubuntu.com/3582-2/

https://usn.ubuntu.com/3583-1/

https://usn.ubuntu.com/3583-2/

Details

Source: MITRE

Published: 2017-11-22

Updated: 2019-10-03

Type: CWE-772

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Impact Score: 4

Exploitability Score: 2

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 4.13.7 (inclusive)

Tenable Plugins

View all (47 total)

IDNameProductFamilySeverity
127494F5 Networks BIG-IP : Linux kernel vulnerability (K93472064)NessusF5 Networks Local Security Checks
medium
127425NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0152)NessusNewStart CGSL Local Security Checks
high
127281NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0074)NessusNewStart CGSL Local Security Checks
critical
127272NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0070)NessusNewStart CGSL Local Security Checks
critical
125192RHEL 6 : MRG (RHSA-2019:1190) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)NessusRed Hat Local Security Checks
high
125039RHEL 7 : kernel (RHSA-2019:1170) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)NessusRed Hat Local Security Checks
high
124984EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1531)NessusHuawei Local Security Checks
high
124822EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1499)NessusHuawei Local Security Checks
medium
121786Photon OS 1.0: Linux PHSA-2017-1.0-0095NessusPhotonOS Local Security Checks
critical
111904Photon OS 1.0: Binutils / Curl / Docker / Linux / Rpm PHSA-2017-1.0-0095 (deprecated)NessusPhotonOS Local Security Checks
critical
110887Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20180619) (Spectre)NessusScientific Linux Local Security Checks
high
110701Oracle Linux 6 : kernel (ELSA-2018-1854) (Spectre)NessusOracle Linux Local Security Checks
high
110694Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2018-041)NessusVirtuozzo Local Security Checks
high
110645CentOS 6 : kernel (CESA-2018:1854) (Spectre)NessusCentOS Local Security Checks
critical
110600RHEL 6 : kernel (RHSA-2018:1854) (Spectre)NessusRed Hat Local Security Checks
high
109646SUSE SLES11 Security Update : kernel (SUSE-SU-2018:1172-1)NessusSuSE Local Security Checks
high
109449Scientific Linux Security Update : kernel on SL7.x x86_64 (20180410) (Meltdown)NessusScientific Linux Local Security Checks
critical
109380CentOS 7 : kernel (CESA-2018:1062)NessusCentOS Local Security Checks
critical
109360SUSE SLES11 Security Update : kernel (SUSE-SU-2018:1080-1) (Spectre)NessusSuSE Local Security Checks
high
109158OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0035) (Dirty COW) (Meltdown) (Spectre)NessusOracleVM Local Security Checks
high
109156Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4071) (Dirty COW) (Meltdown) (Spectre)NessusOracle Linux Local Security Checks
high
109113Oracle Linux 7 : kernel (ELSA-2018-1062)NessusOracle Linux Local Security Checks
critical
108997RHEL 7 : kernel (RHSA-2018:1062)NessusRed Hat Local Security Checks
critical
108984RHEL 7 : kernel-rt (RHSA-2018:0676)NessusRed Hat Local Security Checks
critical
108942RHEL 7 : kernel-alt (RHSA-2018:0654)NessusRed Hat Local Security Checks
high
108748SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0848-1)NessusSuSE Local Security Checks
critical
108705SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0834-1)NessusSuSE Local Security Checks
critical
107003Ubuntu 14.04 LTS : linux vulnerabilities (USN-3583-1) (Meltdown)NessusUbuntu Local Security Checks
critical
106973Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3582-2) (Spectre)NessusUbuntu Local Security Checks
high
106972Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3582-1) (Spectre)NessusUbuntu Local Security Checks
high
106167EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1026)NessusHuawei Local Security Checks
high
105948Fedora 27 : kernel (2017-aa9927961f)NessusFedora Local Security Checks
high
105248OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0174) (BlueBorne) (Dirty COW) (Stack Clash)NessusOracleVM Local Security Checks
high
105247Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3659) (BlueBorne) (Dirty COW) (Stack Clash)NessusOracle Linux Local Security Checks
high
105147OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0173) (BlueBorne) (Stack Clash)NessusOracleVM Local Security Checks
high
105146OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0172) (Dirty COW)NessusOracleVM Local Security Checks
high
105145Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3658) (BlueBorne) (Stack Clash)NessusOracle Linux Local Security Checks
high
105144Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3657) (BlueBorne) (Stack Clash)NessusOracle Linux Local Security Checks
high
105143Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3651) (Dirty COW)NessusOracle Linux Local Security Checks
high
105116Debian DLA-1200-1 : linux security update (KRACK)NessusDebian Local Security Checks
high
105046EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1318)NessusHuawei Local Security Checks
high
104737Ubuntu 17.10 : linux, linux-raspi2 vulnerabilities (USN-3487-1)NessusUbuntu Local Security Checks
high
104707Amazon Linux AMI : kernel (ALAS-2017-925)NessusAmazon Linux Local Security Checks
high
104160Fedora 25 : kernel (2017-cafcdbdde5)NessusFedora Local Security Checks
high
104158Fedora 26 : kernel (2017-c110ac0eb1)NessusFedora Local Security Checks
high
104132Virtuozzo 7 : readykernel-patch (VZA-2017-098)NessusVirtuozzo Local Security Checks
high
104131Virtuozzo 7 : readykernel-patch (VZA-2017-097)NessusVirtuozzo Local Security Checks
high