CVE-2016-10723

MEDIUM Year: 2016
CVSS v3 Score
5.5
Medium
CVSS v2 Score
4.9
Medium
Weakness Type
CWE-399
View all →

Vulnerability Description

An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that "the underlying problem is non-trivial to handle.

Related Vulnerabilities

CVE-2010-5329

MEDIUM
CVSS:5.5(Medium)

The video_usercopy function in drivers/media/video/v4l2-ioctl.c in the Linux kernel before 2.6.39 relies on the count value of a v4l2_ext_controls data structure to determine a kmalloc size, which mig...

CWE-3992010

CVE-2011-2479

MEDIUM
CVSS:5.5(Medium)

The Linux kernel before 2.6.39 does not properly create transparent huge pages in response to a MAP_PRIVATE mmap system call on /dev/zero, which allows local users to cause a denial of service (system...

CWE-3992011

CVE-2014-8171

MEDIUM
CVSS:5.5(Medium)

The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup.

CWE-3992014

CVE-2014-9637

MEDIUM
CVSS:5.5(Medium)

GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.

CWE-3992014

CVE-2014-9853

MEDIUM
CVSS:5.5(Medium)

Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.

CWE-3992014

CVE-2015-7313

MEDIUM
CVSS:5.5(Medium)

LibTIFF allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file.

CWE-3992015