CVE-2016-10723
Last modified
CVE-2016-10723 is a vulnerability of currently unknown severity. An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. EPSS estimates a 0.38% chance of exploitation in the next 30 days.
Description
An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that "the underlying problem is non-trivial to handle.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | <= 4.17.2 |
References
- https://patchwork.kernel.org/patch/10395909/Issue Tracking, Vendor Advisory
- https://patchwork.kernel.org/patch/9842889/Issue Tracking, Vendor Advisory
- https://www.spinics.net/lists/linux-mm/msg117896.htmlMailing List, Third Party Advisory
- https://patchwork.kernel.org/patch/10395909/Issue Tracking, Vendor Advisory
- https://patchwork.kernel.org/patch/9842889/Issue Tracking, Vendor Advisory
- https://www.spinics.net/lists/linux-mm/msg117896.htmlMailing List, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-10723?
How severe is CVE-2016-10723?
How do I fix CVE-2016-10723?
Are you affected by CVE-2016-10723?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST