vulnerability
Oracle Linux: CVE-2017-18203: ELSA-2018-1854: kernel security and bug fix update (IMPORTANT) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:L/AC:H/Au:S/C:N/I:N/A:C) | 2017-11-01 | 2018-04-19 | 2025-01-24 |
Severity
4
CVSS
(AV:L/AC:H/Au:S/C:N/I:N/A:C)
Published
2017-11-01
Added
2018-04-19
Modified
2025-01-24
Description
The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices.
The Linux kernel, before version 4.14.3, is vulnerable to a denial of service in drivers/md/dm.c:dm_get_from_kobject() which can be caused by local users leveraging a race condition with __dm_destroy() during creation and removal of DM devices. Only privileged local users (with CAP_SYS_ADMIN capability) can directly perform the ioctl operations for dm device creation and removal and this would typically be outside the direct control of the unprivileged attacker.
The Linux kernel, before version 4.14.3, is vulnerable to a denial of service in drivers/md/dm.c:dm_get_from_kobject() which can be caused by local users leveraging a race condition with __dm_destroy() during creation and removal of DM devices. Only privileged local users (with CAP_SYS_ADMIN capability) can directly perform the ioctl operations for dm device creation and removal and this would typically be outside the direct control of the unprivileged attacker.
Solution(s)
oracle-linux-upgrade-kerneloracle-linux-upgrade-kernel-uek

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.