CVE-2017-12190
kernel: memory leak when merging buffers in SCSI IO vectors
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition.
Las funciones bio_map_user_iov y bio_unmap_user en block/bio.c en el kernel de Linux en versiones anteriores a la 4.13.8 realizan un refcount no equilibrado cuando un vector SCSI I/O tiene búferes pequeños consecutivos que pertenecen a la misma página. La función bio_add_pc_page los combina en uno solo, pero la referencia de la página nunca se anula. Esto provoca una fuga de memoria y un posible bloqueo del sistema (explotable contra el host del sistema operativo por un usuario invitado del sistema operativo, si se pasa un disco SCSI a una máquina virtual) debido a una condición de falta de memoria.
It was found that in the Linux kernel through v4.14-rc5, bio_map_user_iov() and bio_unmap_user() in 'block/bio.c' do unbalanced pages refcounting if IO vector has small consecutive buffers belonging to the same page. bio_add_pc_page() merges them into one, but the page reference is never dropped, causing a memory leak and possible system lockup due to out-of-memory condition.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-08-01 CVE Reserved
- 2017-11-22 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-772: Missing Release of Resource after Effective Lifetime
CAPEC
References (21)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/oss-sec/2017/q4/52 | Issue Tracking |
|
| http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8 | Issue Tracking | |
| http://www.securityfocus.com/bid/101911 | Issue Tracking | |
| https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html | Mailing List |
|
| https://support.f5.com/csp/article/K93472064?utm_source=f5support&%3Butm_medium=RSS | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:0654 | 2023-02-12 | |
| https://access.redhat.com/errata/RHSA-2018:0676 | 2023-02-12 | |
| https://access.redhat.com/errata/RHSA-2018:1062 | 2023-02-12 | |
| https://access.redhat.com/errata/RHSA-2018:1854 | 2023-02-12 | |
| https://access.redhat.com/errata/RHSA-2019:1170 | 2023-02-12 | |
| https://access.redhat.com/errata/RHSA-2019:1190 | 2023-02-12 | |
| https://usn.ubuntu.com/3582-1 | 2023-02-12 | |
| https://usn.ubuntu.com/3582-2 | 2023-02-12 | |
| https://usn.ubuntu.com/3583-1 | 2023-02-12 | |
| https://usn.ubuntu.com/3583-2 | 2023-02-12 | |
| https://access.redhat.com/security/cve/CVE-2017-12190 | 2019-05-14 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 4.13.7 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.13.7" | - |
Affected
| ||||||