CVE - CVE-2017-12190

CVE-ID
CVE-2017-12190	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:101911 URL:http://www.securityfocus.com/bid/101911 MISC:RHSA-2018:0654 URL:https://access.redhat.com/errata/RHSA-2018:0654 MISC:RHSA-2018:0676 URL:https://access.redhat.com/errata/RHSA-2018:0676 MISC:RHSA-2018:1062 URL:https://access.redhat.com/errata/RHSA-2018:1062 MISC:RHSA-2018:1854 URL:https://access.redhat.com/errata/RHSA-2018:1854 MISC:RHSA-2019:1170 URL:https://access.redhat.com/errata/RHSA-2019:1170 MISC:RHSA-2019:1190 URL:https://access.redhat.com/errata/RHSA-2019:1190 MISC:USN-3582-1 URL:https://usn.ubuntu.com/3582-1/ MISC:USN-3582-2 URL:https://usn.ubuntu.com/3582-2/ MISC:USN-3583-1 URL:https://usn.ubuntu.com/3583-1/ MISC:USN-3583-2 URL:https://usn.ubuntu.com/3583-2/ MISC:[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update URL:https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html MISC:http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058 URL:http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058 MISC:http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95d78c28b5a85bacbc29b8dba7c04babb9b0d467 URL:http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95d78c28b5a85bacbc29b8dba7c04babb9b0d467 MISC:http://seclists.org/oss-sec/2017/q4/52 URL:http://seclists.org/oss-sec/2017/q4/52 MISC:http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8 URL:http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1495089 URL:https://bugzilla.redhat.com/show_bug.cgi?id=1495089 MISC:https://github.com/torvalds/linux/commit/2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058 URL:https://github.com/torvalds/linux/commit/2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058 MISC:https://github.com/torvalds/linux/commit/95d78c28b5a85bacbc29b8dba7c04babb9b0d467 URL:https://github.com/torvalds/linux/commit/95d78c28b5a85bacbc29b8dba7c04babb9b0d467 MISC:https://support.f5.com/csp/article/K93472064?utm_source=f5support&amp%3Butm_medium=RSS URL:https://support.f5.com/csp/article/K93472064?utm_source=f5support&amp%3Butm_medium=RSS
Assigning CNA
Red Hat, Inc.
Date Record Created
20170801	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20170801)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)