{"id":"CVE-2017-12190","details":"The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition.","modified":"2026-03-12T22:31:02.527005Z","published":"2017-11-22T18:29:00.477Z","related":["MGASA-2017-0463","MGASA-2017-0466","MGASA-2017-0467","MGASA-2018-0062","MGASA-2018-0063","MGASA-2018-0064","SUSE-SU-2018:0834-1","SUSE-SU-2018:0848-1","SUSE-SU-2018:1080-1","SUSE-SU-2018:1172-1","SUSE-SU-2018:1309-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"},{"type":"WEB","url":"https://support.f5.com/csp/article/K93472064?utm_source=f5support&amp%3Butm_medium=RSS"},{"type":"WEB","url":"https://usn.ubuntu.com/3582-1/"},{"type":"WEB","url":"https://usn.ubuntu.com/3582-2/"},{"type":"WEB","url":"https://usn.ubuntu.com/3583-1/"},{"type":"WEB","url":"https://usn.ubuntu.com/3583-2/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1170"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1062"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1854"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0654"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0676"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1190"},{"type":"REPORT","url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8"},{"type":"REPORT","url":"http://www.securityfocus.com/bid/101911"},{"type":"REPORT","url":"http://seclists.org/oss-sec/2017/q4/52"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1495089"},{"type":"FIX","url":"https://github.com/torvalds/linux/commit/95d78c28b5a85bacbc29b8dba7c04babb9b0d467"},{"type":"FIX","url":"https://github.com/torvalds/linux/commit/2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058"},{"type":"FIX","url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058"},{"type":"FIX","url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95d78c28b5a85bacbc29b8dba7c04babb9b0d467"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-12190.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"4.13.7"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}]}