CVE-2017-18203 - OpenCVE

The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices.

No CVSS v3.1

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

References

Link	Resource
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a41d21dceadf8104812626ef85dc56ee8a60ed	Patch Vendor Advisory
http://www.securityfocus.com/bid/103184	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:0676
https://access.redhat.com/errata/RHSA-2018:1062
https://access.redhat.com/errata/RHSA-2018:1854
https://access.redhat.com/errata/RHSA-2019:4154
https://github.com/torvalds/linux/commit/b9a41d21dceadf8104812626ef85dc56ee8a60ed	Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
https://usn.ubuntu.com/3619-1/
https://usn.ubuntu.com/3619-2/
https://usn.ubuntu.com/3653-1/
https://usn.ubuntu.com/3653-2/
https://usn.ubuntu.com/3655-1/
https://usn.ubuntu.com/3655-2/
https://usn.ubuntu.com/3657-1/
https://www.debian.org/security/2018/dsa-4187
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.3	Release Notes Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-02-27T20:00:00

Updated: 2019-12-10T15:06:25

Reserved: 2018-02-27T00:00:00

Link: CVE-2017-18203

JSON object: View

NVD Information

Status : Modified

Published: 2018-02-27T20:29:00.260

Modified: 2018-06-20T01:29:00.883

Link: CVE-2017-18203

JSON object: View

Redhat Information

No data.

CWE

CWE-362

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-02-27T00:00:00", "descriptions": [{"lang": "en", "value": "The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-10T15:06:25", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-4187", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4187"}, {"name": "USN-3619-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3619-2/"}, {"name": "103184", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103184"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/torvalds/linux/commit/b9a41d21dceadf8104812626ef85dc56ee8a60ed"}, {"name": "RHSA-2018:1854", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1854"}, {"tags": ["x_refsource_MISC"], "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.3"}, {"name": "RHSA-2018:1062", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1062"}, {"name": "RHSA-2018:0676", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0676"}, {"name": "USN-3653-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3653-2/"}, {"name": "USN-3655-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3655-1/"}, {"tags": ["x_refsource_MISC"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a41d21dceadf8104812626ef85dc56ee8a60ed"}, {"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"}, {"name": "USN-3655-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3655-2/"}, {"name": "USN-3653-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3653-1/"}, {"name": "USN-3657-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3657-1/"}, {"name": "USN-3619-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3619-1/"}, {"name": "RHSA-2019:4154", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:4154"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18203", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187"}, {"name": "USN-3619-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-2/"}, {"name": "103184", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103184"}, {"name": "https://github.com/torvalds/linux/commit/b9a41d21dceadf8104812626ef85dc56ee8a60ed", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/b9a41d21dceadf8104812626ef85dc56ee8a60ed"}, {"name": "RHSA-2018:1854", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1854"}, {"name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.3", "refsource": "MISC", "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.3"}, {"name": "RHSA-2018:1062", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1062"}, {"name": "RHSA-2018:0676", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0676"}, {"name": "USN-3653-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3653-2/"}, {"name": "USN-3655-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3655-1/"}, {"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a41d21dceadf8104812626ef85dc56ee8a60ed", "refsource": "MISC", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a41d21dceadf8104812626ef85dc56ee8a60ed"}, {"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"}, {"name": "USN-3655-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3655-2/"}, {"name": "USN-3653-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3653-1/"}, {"name": "USN-3657-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3657-1/"}, {"name": "USN-3619-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-1/"}, {"name": "RHSA-2019:4154", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4154"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18203", "datePublished": "2018-02-27T20:00:00", "dateReserved": "2018-02-27T00:00:00", "dateUpdated": "2019-12-10T15:06:25", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F3C9534-2349-43A8-A1B3-E683DCE46BE8", "versionEndExcluding": "4.14.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices."}, {"lang": "es", "value": "La funci\u00f3n dm_get_from_kobject en drivers/md/dm.c en el kernel de Linux, en versiones anteriores a la 4.14.3, permite que usuarios locales provoquen una denegaci\u00f3n de servicio (bug) aprovechando una condici\u00f3n de carrera en __dm_destroy durante la creaci\u00f3n y eliminaci\u00f3n de dispositivos DM."}], "id": "CVE-2017-18203", "lastModified": "2018-06-20T01:29:00.883", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-27T20:29:00.260", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a41d21dceadf8104812626ef85dc56ee8a60ed"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103184"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2018:0676"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2018:1062"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2018:1854"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:4154"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/b9a41d21dceadf8104812626ef85dc56ee8a60ed"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3619-1/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3619-2/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3653-1/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3653-2/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3655-1/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3655-2/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3657-1/"}, {"source": "cve@mitre.org", "url": "https://www.debian.org/security/2018/dsa-4187"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.3"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}