oss-sec mailing list archives

Re: CVE-2018-1000200 (Linux): Bad memory access on oom kill of large mlocked process


From: David Rientjes <rientjes () google com>
Date: Mon, 14 May 2018 14:35:14 -0700 (PDT)

On Tue, 24 Apr 2018, David Rientjes wrote:

> Hi all,
> 
> Out of memory (oom) killing a process that has large spans of mlocked 
> memory can result in a bad memory access or a NULL pointer dereference due 
> to concurrent memory unmapping by the oom reaper kernel thread.
> 
> This affects Linux 4.14, 4.15, and 4.16.


The fix for this has been merged into 4.17-rc5 as commit 27ae357fa82b 
("mm, oom: fix concurrent munlock and oom reaper unmap, v3"), see 
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27ae357fa82be5ab73b2ef8d39dcb8ca2563483a

Furthermore, it has been staged for inclusion in both the 4.14 and 4.16 
stable kernels.
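As an added example (not part of the original post or of the kernel tree), the following Python helper turns the version ranges stated in this thread into a check a practitioner can run against `uname -r` output. It encodes only what the post says: 4.14, 4.15 and 4.16 are affected, mainline carries the fix from 4.17-rc5 (commit 27ae357fa82b), and backports were staged for the 4.14 and 4.16 stable series. The post does not say which stable point release actually received the backport, so for those series the helper deliberately reports "verify the backport" rather than "fixed"; the classification strings and function names are this example's own.

```python
"""Classify a Linux kernel version string against the ranges given in the
CVE-2018-1000200 oss-sec thread.

Added example, not code from the original post.  Only facts stated in the
thread are encoded; the label strings and function names are assumptions
of this example.
"""
import re

FIX_COMMIT = "27ae357fa82b"                 # mainline fix, merged in 4.17-rc5
FIX_MAINLINE = (4, 17, 0, 5)                # (major, minor, patch, rc)
AFFECTED_SERIES = {(4, 14), (4, 15), (4, 16)}

# Accepts "4.17-rc5", "4.17.0-rc5+", "4.15.0-48-generic", "4.16.8-300.fc28..."
_VER_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")


def parse_kernel_version(s):
    """Return (major, minor, patch, rc) from a uname -r style string.

    rc is None for a final release; a missing patch level is read as 0.
    Distribution suffixes after the version are ignored.
    """
    m = _VER_RE.match(s.strip())
    if not m:
        raise ValueError("not a kernel version: %r" % s)
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor),
            int(patch) if patch else 0,
            int(rc) if rc else None)


def _order_key(v):
    """Sort key in which a release candidate precedes the final release
    of the same major.minor, e.g. 4.17-rc5 < 4.17 < 4.17.3 < 4.18-rc1."""
    major, minor, patch, rc = v
    if rc is not None:
        return (major, minor, 0, rc)
    return (major, minor, 1, patch)


def classify(version_string):
    """Map a kernel version onto the status stated in the thread."""
    v = parse_kernel_version(version_string)
    major, minor, _patch, _rc = v
    if (major, minor) in AFFECTED_SERIES:
        # Stable backports were staged for 4.14 and 4.16 but the point
        # release is not given, so the version alone cannot prove the fix.
        return "affected series: verify that %s is backported" % FIX_COMMIT
    if _order_key(v) >= _order_key(FIX_MAINLINE):
        return "contains mainline fix %s" % FIX_COMMIT
    if (major, minor) == (4, 17):
        return "4.17 release candidate before the fix landed"
    return "not in the series listed by the advisory"


if __name__ == "__main__":
    import platform
    running = platform.release()
    print("%s -> %s" % (running, classify(running)))
```

Note that the rc handling matters: a naive tuple comparison would rank 4.17-rc4 above 4.17-rc5 and 4.17 final, and would wrongly report an unfixed release candidate as patched.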
