Vulnerability CVE-2017-15127


Published: 2018-01-14

Description:
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG).

Type:

CWE-19

(Data Handling)

Vendor: Redhat
Product: Enterprise linux 
Version: 7.0;
Vendor: Linux
Product: Linux kernel 
Version:
4.9.95
4.9.94
4.9.93
4.9.92
4.9.91
4.9.90
4.9.9
4.9.89
4.9.88
4.9.87
4.9.86
4.9.85
4.9.84
4.9.83
4.9.82
4.9.81
4.9.80
4.9.8
4.9.79
4.9.78
4.9.77
4.9.76
4.9.75
4.9.74
4.9.73
4.9.72
4.9.71
4.9.70
4.9.7
4.9.69
4.9.68
4.9.67
4.9.66
4.9.65
4.9.64
4.9.63
4.9.62
4.9.61
4.9.60
4.9.6
4.9.59
4.9.58
4.9.57
4.9.56
4.9.55
4.9.54
4.9.53
4.9.52
4.9.51
4.9.50
4.9.5
4.9.49
4.9.48
4.9.47
4.9.46
4.9.45
4.9.44
4.9.43
4.9.42
4.9.41
4.9.40
4.9.4
4.9.39
4.9.38
4.9.37
4.9.36
4.9.35
4.9.34
4.9.33
4.9.32
4.9.31
4.9.30
4.9.3
4.9.29
4.9.28
4.9.27
4.9.26
4.9.25
4.9.24
4.9.23
4.9.22
4.9.21
4.9.20
4.9.2
4.9.19
4.9.18
4.9.17
4.9.16
4.9.15
4.9.14
4.9.13
4.9.12
4.9.11
4.9.10
4.9.1
4.9
4.8.9
4.8.8
4.8.7
See more versions on NVD

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.9/10
6.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

 References:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5af10dfd0afc559bb4b0f7e3e8227a1578333995
http://www.securityfocus.com/bid/102517
https://access.redhat.com/errata/RHSA-2018:0676
https://access.redhat.com/errata/RHSA-2018:1062
https://access.redhat.com/security/cve/CVE-2017-15127
https://bugzilla.redhat.com/show_bug.cgi?id=1525218
https://github.com/torvalds/linux/commit/5af10dfd0afc559bb4b0f7e3e8227a1578333995

Related CVE
CVE-2019-12615
An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup_const of node_info->vdev_port.name, which might allow an attacker to cause a denial of service (NULL poin...
CVE-2019-12614
An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dere...
CVE-2019-3846
A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.
CVE-2019-12456
An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the v...
CVE-2019-12455
An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derived_name, which might allow an attacker to cause a denial of service (NULL pointer dereference a...
CVE-2019-12454
An issue was discovered in wcd9335_codec_enable_dec in sound/soc/codecs/wcd9335.c in the Linux kernel through 5.1.5. It uses kstrndup instead of kmemdup_nul, which allows attackers to have an unspecified impact via unknown vectors.
CVE-2019-12382
An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and s...
CVE-2019-12381
An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).

Copyright 2019, cxsecurity.com

 

Back to Top