The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel before 4.14.4 mishandles gather operations, which allows attackers to cause a denial of service (TLB entry leak or use-after-free) or possibly have unspecified other impact by triggering a copy_to_user call within a certain time window. References: https://marc.info/?t=151004877700005&r=1&w=2 An upsteam patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=687cb0884a714ff484d038e9190edc874edcf146
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1549622]
This was fixed for fedora with the 4.14.4 stable updates.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:2772 https://access.redhat.com/errata/RHSA-2018:2772