CVE-2017-18200

Impact:
Moderate
Public Date:
2017-10-01
CWE:
CWE-617
Bugzilla:
1549586: CVE-2017-18200 kernel: mishandling reference counts associated with f2fs_wait_discard_bios calls allowing local attacker to cause denial of service
The f2fs implementation in the Linux kernel, before 4.14, mishandles reference counts associated with f2fs_wait_discard_bios calls. This allows local users to cause a denial of service (BUG), as demonstrated by fstrim.

Find out more about CVE-2017-18200 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE, as the code with the flaw is not built and shipped in the products listed.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 5.5
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Impact None
Availability Impact High

Affected Packages State

Platform Package State
Red Hat Enterprise MRG 2 realtime-kernel Not affected
Red Hat Enterprise Linux 7 kernel-alt Not affected
Red Hat Enterprise Linux 7 kernel Not affected
Red Hat Enterprise Linux 7 kernel-rt Not affected
Red Hat Enterprise Linux 6 kernel Not affected
Red Hat Enterprise Linux 5 kernel Not affected

Last Modified
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.