CVE - CVE-2017-12190

CVE-ID
CVE-2017-12190	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update URL:https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html CONFIRM:http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058 CONFIRM:http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95d78c28b5a85bacbc29b8dba7c04babb9b0d467 CONFIRM:http://seclists.org/oss-sec/2017/q4/52 CONFIRM:http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1495089 CONFIRM:https://github.com/torvalds/linux/commit/2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058 CONFIRM:https://github.com/torvalds/linux/commit/95d78c28b5a85bacbc29b8dba7c04babb9b0d467 REDHAT:RHSA-2018:0654 URL:https://access.redhat.com/errata/RHSA-2018:0654 REDHAT:RHSA-2018:0676 URL:https://access.redhat.com/errata/RHSA-2018:0676 REDHAT:RHSA-2018:1062 URL:https://access.redhat.com/errata/RHSA-2018:1062 REDHAT:RHSA-2018:1854 URL:https://access.redhat.com/errata/RHSA-2018:1854 UBUNTU:USN-3582-1 URL:https://usn.ubuntu.com/3582-1/ UBUNTU:USN-3582-2 URL:https://usn.ubuntu.com/3582-2/ UBUNTU:USN-3583-1 URL:https://usn.ubuntu.com/3583-1/ UBUNTU:USN-3583-2 URL:https://usn.ubuntu.com/3583-2/ BID:101911 URL:http://www.securityfocus.com/bid/101911
Assigning CNA
Red Hat, Inc.
Date Entry Created
20170801	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20170801)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org