CVE-2017-12190
low-risk
Published 2017-11-22
The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition.
Do I need to act?
-
0.08% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10
Medium
LOCAL
/ LOW complexity
Affected Products (1)
Affected Vendors
References (40)
Issue Tracking
http://seclists.org/oss-sec/2017/q4/52
Issue Tracking
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8
Issue Tracking
http://www.securityfocus.com/bid/101911
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1495089
and 20 more references
26
/ 100
low-risk
Severity
21/34 · High
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal