CVE-2017-18203
kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices.
La función dm_get_from_kobject en drivers/md/dm.c en el kernel de Linux, en versiones anteriores a la 4.14.3, permite que usuarios locales provoquen una denegación de servicio (bug) aprovechando una condición de carrera en __dm_destroy durante la creación y eliminación de dispositivos DM.
The Linux kernel, before version 4.14.3, is vulnerable to a denial of service in drivers/md/dm.c:dm_get_from_kobject() which can be caused by local users leveraging a race condition with __dm_destroy() during creation and removal of DM devices. Only privileged local users (with CAP_SYS_ADMIN capability) can directly perform the ioctl operations for dm device creation and removal and this would typically be outside the direct control of the unprivileged attacker.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-02-27 CVE Reserved
- 2018-02-27 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (19)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/103184 | Third Party Advisory | |
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html | Mailing List |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2018:0676 | 2018-06-20 | |
https://access.redhat.com/errata/RHSA-2018:1062 | 2018-06-20 | |
https://access.redhat.com/errata/RHSA-2018:1854 | 2018-06-20 | |
https://access.redhat.com/errata/RHSA-2019:4154 | 2018-06-20 | |
https://usn.ubuntu.com/3619-1 | 2018-06-20 | |
https://usn.ubuntu.com/3619-2 | 2018-06-20 | |
https://usn.ubuntu.com/3653-1 | 2018-06-20 | |
https://usn.ubuntu.com/3653-2 | 2018-06-20 | |
https://usn.ubuntu.com/3655-1 | 2018-06-20 | |
https://usn.ubuntu.com/3655-2 | 2018-06-20 | |
https://usn.ubuntu.com/3657-1 | 2018-06-20 | |
https://www.debian.org/security/2018/dsa-4187 | 2018-06-20 | |
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.3 | 2018-06-20 | |
https://access.redhat.com/security/cve/CVE-2017-18203 | 2019-12-10 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1550811 | 2019-12-10 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 4.14.3 Search vendor "Linux" for product "Linux Kernel" and version " < 4.14.3" | - |
Affected
|