Medium severity5.5NVD Advisory· Published Jun 5, 2018· Updated Jun 17, 2026
CVE-2018-1000200
CVE-2018-1000200
Description
The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process's final thread calling exit_mmap(), which calls munlock_vma_pages_all() for mlocked vmas.This can happen synchronously with the oom reaper's unmap_page_range() since the vma's VM_LOCKED bit is cleared before munlocking (to determine if any other vmas share the memory and are mlocked).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14- osv-coords13 versionspkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/kernel-livepatch-SLE15_Update_1&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/kernel-vanilla&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015
< 4.12.14-25.3.1+ 12 more
- (no CPE)range: < 4.12.14-25.3.1
- (no CPE)range: < 4.12.14-25.3.1
- (no CPE)range: < 4.12.14-25.3.1
- (no CPE)range: < 4.12.14-25.3.1
- (no CPE)range: < 4.12.14-25.3.1
- (no CPE)range: < 4.12.14-25.3.1
- (no CPE)range: < 1-1.3.1
- (no CPE)range: < 4.12.14-25.3.1
- (no CPE)range: < 4.12.14-25.3.1
- (no CPE)range: < 4.12.14-25.3.1
- (no CPE)range: < 4.12.14-25.3.1
- (no CPE)range: < 4.12.14-25.3.1
- (no CPE)range: < 4.12.14-25.3.1
Patches
Vulnerability mechanics
References
10- git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/nvdMitigationPatchVendor Advisory
- seclists.org/oss-sec/2018/q2/67nvdMailing ListThird Party Advisory
- www.securityfocus.com/bid/104397nvdThird Party AdvisoryVDB Entry
- access.redhat.com/security/cve/cve-2018-1000200nvdThird Party Advisory
- marc.infonvdMailing ListThird Party Advisory
- marc.infonvdMailing ListThird Party Advisory
- access.redhat.com/errata/RHSA-2018:2948nvd
- usn.ubuntu.com/3752-1/nvd
- usn.ubuntu.com/3752-2/nvd
- usn.ubuntu.com/3752-3/nvd
News mentions
0No linked articles in our index yet.