Bug 1084323 - (CVE-2017-18221) VUL-0: CVE-2017-18221: kernel: The __munlock_pagevec function allows local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Importance: P3 - Medium, Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/201395/
CVSSv3:SUSE:CVE-2017-18221:6.2:(AV:L/...
Depends on: 1042696
Reported: 2018-03-07 14:20 UTC by Johannes Segitz
Modified: 2018-08-29 10:00 UTC

Found By: Security Response Team
Description Johannes Segitz 2018-03-07 14:20:29 UTC
CVE-2017-18221

The __munlock_pagevec function in mm/mlock.c in the Linux kernel before 4.11.4
allows local users to cause a denial of service (NR_MLOCK accounting corruption)
via crafted use of mlockall and munlockall system calls.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18221
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.4
https://github.com/torvalds/linux/commit/70feee0e1ef331b22cc51f383d532a0d043fbdcc
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=70feee0e1ef331b22cc51f383d532a0d043fbdcc
Comment 1 Takashi Iwai 2018-03-07 16:35:14 UTC
It's in 4.12-rc4, so SLE15 already contains the fix.

4.4.71 stable contains the fix, so SLE12-SP2 and SLE12-SP3 already include the fix.

cve/linux-3.12 and earlier branches still miss the fix, as it seems.
Comment 2 Vlastimil Babka 2018-03-08 09:23:47 UTC
(In reply to Takashi Iwai from comment #1)
> cve/linux-3.12 and earlier branches still miss the fix, as it seems.

I'll add it, but frankly I don't see how this is a DoS, because NR_MLOCK is used only for showing in /proc/vmstat; the mlocking rlimit uses a different variable (and it's per-process, anyway).
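
Added example, not part of the bug report or of any SUSE tooling: a triage check that puts the two accountings mentioned in comment 2 side by side, the global NR_MLOCK counter (`nr_mlock` in /proc/vmstat, `Mlocked` in /proc/meminfo) and the per-process locked size (`VmLck` in /proc/<pid>/status). The sample excerpts, the 4 KiB page size, the `slack_kb` threshold and the "global above per-process" comparison are assumptions of this example; the last one is only a heuristic, because the global counter tracks physical pages while `VmLck` tracks locked virtual ranges.

```python
import re

PAGE_KB = 4  # assumption: 4 KiB pages (verify with `getconf PAGESIZE`)

# Constructed sample excerpts, not captured from a real host.
VMSTAT = "nr_free_pages 51234\nnr_mlock 3072\nnr_unevictable 3080\n"
MEMINFO = "MemTotal:        8052432 kB\nMlocked:           12288 kB\n"
STATUS = {  # pid -> excerpt of /proc/<pid>/status
    812: "Name:\tdaemon_a\nVmLck:\t    4096 kB\n",
    977: "Name:\tdaemon_b\nVmLck:\t       0 kB\n",
}

def field_kb(text, name):
    """Return the kB value of a 'Name:   N kB' line, or None if absent."""
    m = re.search(rf"^{re.escape(name)}:\s+(\d+) kB$", text, re.M)
    return int(m.group(1)) if m else None

def nr_mlock_pages(vmstat):
    """Return the global NR_MLOCK counter (in pages) from /proc/vmstat text."""
    m = re.search(r"^nr_mlock (\d+)$", vmstat, re.M)
    if not m:
        raise ValueError("nr_mlock not present in vmstat text")
    return int(m.group(1))

def audit(vmstat, meminfo, statuses, slack_kb=1024):
    """Compare the global counter with the per-process accounting."""
    findings = []
    global_kb = nr_mlock_pages(vmstat) * PAGE_KB
    per_proc_kb = sum(field_kb(s, "VmLck") or 0 for s in statuses.values())
    # Both files expose the same kernel counter, so they should agree.
    if global_kb != field_kb(meminfo, "Mlocked"):
        findings.append("vmstat/meminfo disagree (samples not taken together?)")
    # Hard invariant: locked pages cannot outnumber physical memory.
    if global_kb > field_kb(meminfo, "MemTotal"):
        findings.append("nr_mlock exceeds physical memory: counter is corrupt")
    # Heuristic (assumption of this example): global well above per-process sum.
    if global_kb > per_proc_kb + slack_kb:
        findings.append(f"global {global_kb} kB vs per-process {per_proc_kb} kB")
    return global_kb, per_proc_kb, findings

if __name__ == "__main__":
    print(audit(VMSTAT, MEMINFO, STATUS))
```

On a live host, pass the contents of /proc/vmstat, /proc/meminfo and each /proc/<pid>/status read in one pass, and compare several samples over time rather than acting on a single reading.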
Comment 3 Vlastimil Babka 2018-03-08 10:10:19 UTC
The patch is actually already in SLE12-SP1-LTSS (bsc#1042696), so it's just SLE12-LTSS missing it.
Comment 4 Vlastimil Babka 2018-03-08 13:22:01 UTC
(In reply to Vlastimil Babka from comment #3)
> The patch is actually already in SLE12-SP1-LTSS (bsc#1042696), so it's just
> SLE12-LTSS missing it.

pushed to linux/cve-3.12 per maintainer's request
Comment 5 Vlastimil Babka 2018-03-12 08:36:47 UTC
(In reply to Vlastimil Babka from comment #4)
> pushed to linux/cve-3.12 per maintainer's request

Kernels older than 3.12 don't have the bug in the first place (which the CVE filing also missed), so that's all and reassigning to security.
Comment 6 Swamp Workflow Management 2018-03-28 19:11:33 UTC
SUSE-SU-2018:0834-1: An update that solves 19 vulnerabilities and has 12 fixes is now available.

Category: security (important)
Bug References: 1010470,1012382,1045330,1062568,1063416,1066001,1067118,1068032,1072689,1072865,1074488,1075617,1075621,1077560,1078669,1078672,1078673,1078674,1080255,1080464,1080757,1082299,1083244,1083483,1083494,1083640,1084323,1085107,1085114,1085279,1085447
CVE References: CVE-2016-7915,CVE-2017-12190,CVE-2017-13166,CVE-2017-15299,CVE-2017-16644,CVE-2017-16911,CVE-2017-16912,CVE-2017-16913,CVE-2017-16914,CVE-2017-18017,CVE-2017-18204,CVE-2017-18208,CVE-2017-18221,CVE-2018-1066,CVE-2018-1068,CVE-2018-5332,CVE-2018-5333,CVE-2018-6927,CVE-2018-7566
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    kernel-default-3.12.61-52.125.1, kernel-source-3.12.61-52.125.1, kernel-syms-3.12.61-52.125.1, kernel-xen-3.12.61-52.125.1, kgraft-patch-SLE12_Update_33-1-1.3.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.61-52.125.1
Comment 7 Swamp Workflow Management 2018-03-29 16:16:12 UTC
SUSE-SU-2018:0848-1: An update that solves 19 vulnerabilities and has 16 fixes is now available.

Category: security (important)
Bug References: 1010470,1012382,1045330,1055755,1062568,1063416,1066001,1067118,1068032,1072689,1072865,1074488,1075617,1075621,1077182,1077560,1077779,1078669,1078672,1078673,1078674,1080255,1080287,1080464,1080757,1081512,1082299,1083244,1083483,1083494,1083640,1084323,1085107,1085114,1085447
CVE References: CVE-2016-7915,CVE-2017-12190,CVE-2017-13166,CVE-2017-15299,CVE-2017-16644,CVE-2017-16911,CVE-2017-16912,CVE-2017-16913,CVE-2017-16914,CVE-2017-18017,CVE-2017-18204,CVE-2017-18208,CVE-2017-18221,CVE-2018-1066,CVE-2018-1068,CVE-2018-5332,CVE-2018-5333,CVE-2018-6927,CVE-2018-7566
Sources used:
SUSE OpenStack Cloud 6 (src):    kernel-default-3.12.74-60.64.85.1, kernel-source-3.12.74-60.64.85.1, kernel-syms-3.12.74-60.64.85.1, kernel-xen-3.12.74-60.64.85.1, kgraft-patch-SLE12-SP1_Update_26-1-2.3.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    kernel-default-3.12.74-60.64.85.1, kernel-source-3.12.74-60.64.85.1, kernel-syms-3.12.74-60.64.85.1, kernel-xen-3.12.74-60.64.85.1, kgraft-patch-SLE12-SP1_Update_26-1-2.3.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    kernel-default-3.12.74-60.64.85.1, kernel-source-3.12.74-60.64.85.1, kernel-syms-3.12.74-60.64.85.1, kernel-xen-3.12.74-60.64.85.1, kgraft-patch-SLE12-SP1_Update_26-1-2.3.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.74-60.64.85.1
Comment 8 Marcus Meissner 2018-08-29 10:00:37 UTC
released