Base Score

MEDIUM5.5

CVE-2017-18221

The __munlock_pagevec function in mm/mlock.c in the Linux kernel before 4.11.4 allows local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls.

VectorLOCAL

Published Bycve@mitre.org

Published DateMar 07, 2018, 08:29

Weakness Type (CWE):CWE-20

CVSS Metrics

Base Score

5.5

Vector String

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=70feee0e1ef331b22cc51f383d532a0d043fbdcc
http://www.securityfocus.com/bid/103321
https://github.com/torvalds/linux/commit/70feee0e1ef331b22cc51f383d532a0d043fbdcc
https://usn.ubuntu.com/3655-1/
https://usn.ubuntu.com/3655-2/
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.4

Base Score

MEDIUM5.5

Weakness Type (CWE):CWE-20

CVSS Metrics

Base Score

5.5

Vector String

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH