VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel.
Advisory: CVE-2017-18202
Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2017-18202
CVSS severity score: 10/10.0
Description:
The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel before 4.14.4 mishandles gather operations, which allows attackers to cause a denial of service (TLB entry leak or use-after-free) or possibly have unspecified other impact by triggering a copy_to_user call within a certain time window.
This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.
Comment 1 by groeck@chromium.org
, Mar 18 2018Labels: Security_Severity-Critical Security_Impact-Stable Pri-0
Mergedinto: 792119
Owner: groeck@chromium.org
Status: Duplicate (was: Untriaged)
Upstream commit 786b924d39ba ("mm, oom_reaper: gather each vma to prevent leaking TLB entry"). Fixed in chromeos-4.14 with merge of v4.14.4. Older kernels are not affected since the offending code was introduced after v4.4.