The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process's final thread calling exit_mmap(), which calls munlock_vma_pages_all() for mlocked vmas.This can happen synchronously with the oom reaper's unmap_page_range() since the vma's VM_LOCKED bit is cleared before munlocking (to determine if any other vmas share the memory and are mlocked).
Base Score: 4.9
Impact Score: 6.9
Exploitability Score: 3.9
Base Score: 5.5
Impact Score: 3.6
Exploitability Score: 1.8
|123226||openSUSE Security Update : the Linux Kernel (openSUSE-2019-536) (Spectre)||Nessus||SuSE Local Security Checks|
|120067||SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2018:2092-1) (Spectre)||Nessus||SuSE Local Security Checks|
|118513||RHEL 7 : kernel-alt (RHSA-2018:2948) (Spectre)||Nessus||Red Hat Local Security Checks|
|112189||Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel (Azure, GCP, OEM) vulnerabilities (USN-3752-3)||Nessus||Ubuntu Local Security Checks|
|112110||Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3752-2)||Nessus||Ubuntu Local Security Checks|
|112109||Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3752-1)||Nessus||Ubuntu Local Security Checks|
|111414||openSUSE Security Update : the Linux Kernel (openSUSE-2018-762) (Spectre)||Nessus||SuSE Local Security Checks|