VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel.
Advisory: CVE-2018-1000200
Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2018-1000200
CVSS severity score: 4.9/10.0
Description:
The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process's final thread calling exit_mmap(), which calls munlock_vma_pages_all() for mlocked vmas.This can happen synchronously with the oom reaper's unmap_page_range() since the vma's VM_LOCKED bit is cleared before munlocking (to determine if any other vmas share the memory and are mlocked).
This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.
Comment 1 by groeck@chromium.org
, Jul 19Labels: M-68 Security_Severity-Medium Security_Impact-Stable Pri-1
Owner: groeck@chromium.org
Status: WontFix (was: Untriaged)
Upstream commit 27ae357fa82be ("mm, oom: fix concurrent munlock and oom reaper unmap, v3"). Already fixed in chromeos-4.14 with the merge of v4.14.41. Already fixed in R68. Other branches not affected per CVE.