^{CVE-2017-18221:}Linux kernel vulnerability in __munlock_pagevec function allows local denial of service through NR_MLOCK accounting corruption.

Overview

This vulnerability affects the memory management subsystem of the Linux kernel, specifically the mechanism that handles locking pages in memory. The __munlock_pagevec function contains a flaw in how it tracks and accounts for locked memory pages. By manipulating the mlockall and munlockall system calls in a specific sequence, an attacker with local access can cause corruption in the NR_MLOCK counter, which tracks the number of locked pages. This corruption can lead to kernel instability, resource exhaustion, or complete system crashes. The vulnerability is particularly concerning in multi-user environments where local users should not be able to affect system stability.

Remediation

To address this vulnerability, system administrators should:

1. Update the Linux kernel to version 4.11.4 or later which contains the fix.
2. If running Ubuntu, apply the security updates referenced in USN-3655-1 and USN-3655-2.
3. If immediate patching is not possible, consider implementing additional access controls to restrict who can use the mlockall/munlockall system calls.
4. Monitor system logs for unusual memory-related errors or crashes that might indicate exploitation attempts.
5. For systems where kernel updates are challenging, apply the specific patch referenced in the kernel commit (70feee0e1ef331b22cc51f383d532a0d043fbdcc).

References

1. Linux Kernel Patch: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=70feee0e1ef331b22cc51f383d532a0d043fbdcc
2. GitHub Mirror of Patch: https://github.com/torvalds/linux/commit/70feee0e1ef331b22cc51f383d532a0d043fbdcc
3. Security Focus BID: http://www.securityfocus.com/bid/103321
4. Ubuntu Security Notice USN-3655-1: https://usn.ubuntu.com/3655-1/
5. Ubuntu Security Notice USN-3655-2: https://usn.ubuntu.com/3655-2/
6. Linux Kernel 4.11.4 Changelog: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.4