Rapid7 Vulnerability & Exploit Database

Ubuntu: (CVE-2016-10723): linux-hwe vulnerability

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Ubuntu: (CVE-2016-10723): linux-hwe vulnerability

Severity
5
CVSS
(AV:L/AC:L/Au:N/C:N/I:N/A:C)
Published
06/21/2018
Created
11/21/2024
Added
11/19/2024
Modified
11/19/2024

Description

An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that "the underlying problem is non-trivial to handle.

Solution(s)

  • ubuntu-upgrade-linux-gcp
  • ubuntu-upgrade-linux-gcp-edge
  • ubuntu-upgrade-linux-hwe
  • ubuntu-upgrade-linux-oracle

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
  • Lightweight Endpoint Agent
  • Live Dashboards
  • Real Risk Prioritization
  • IT-Integrated Remediation Projects
  • Cloud, Virtual, and Container Assessment
  • Integrated Threat Feeds
  • Easy-to-Use RESTful API
  • Automation-Assisted Patching
  • Automated Containment
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;