Base Score

MEDIUM5.5

CVE-2017-18208

The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.

VectorLOCAL

Published Bycve@mitre.org

Published DateMar 01, 2018, 05:29

Weakness Type (CWE):CWE-835

CVSS Metrics

Base Score

5.5

Vector String

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91
https://access.redhat.com/errata/RHSA-2018:2948
https://access.redhat.com/errata/RHSA-2018:3083
https://access.redhat.com/errata/RHSA-2018:3096
https://access.redhat.com/errata/RHSA-2019:3967
https://access.redhat.com/errata/RHSA-2019:4057
https://access.redhat.com/errata/RHSA-2019:4058
https://github.com/torvalds/linux/commit/6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91
https://usn.ubuntu.com/3619-1/
https://usn.ubuntu.com/3619-2/
https://usn.ubuntu.com/3653-1/
https://usn.ubuntu.com/3653-2/
https://usn.ubuntu.com/3655-1/
https://usn.ubuntu.com/3655-2/
https://usn.ubuntu.com/3657-1/
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.4

Base Score

MEDIUM5.5

Weakness Type (CWE):CWE-835

CVSS Metrics

Base Score

5.5

Vector String

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH