CVE-2018-10938

Опубликовано: 27 авг. 2018

Источник: redhat

CVSS3: 5.3

EPSS Низкий

Описание

A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system before an attacker could leverage this flaw.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-alt	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise MRG 2	realtime-kernel	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-400

https://bugzilla.redhat.com/show_bug.cgi?id=1622404kernel: infinite loop in net/ipv4/cipso_ipv4.c:cipso_v4_optptr() allows for DoS

EPSS

Процентиль: 90%

0.05953

Низкий

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2018-10938

CVSS3: 5.9

ubuntu

почти 7 лет назад

CVE-2018-10938

CVSS3: 5.9

nvd

почти 7 лет назад

CVE-2018-10938

CVSS3: 5.9

debian

почти 7 лет назад

A flaw was found in the Linux kernel present since v4.0-rc1 and throug ...

SUSE-SU-2018:2964-1

suse-cvrf

больше 6 лет назад

Security update for the Linux Kernel (Live Patch 4 for SLE 15)

SUSE-SU-2018:2938-1

suse-cvrf

больше 6 лет назад

Security update for the Linux Kernel (Live Patch 2 for SLE 15)

EPSS

Процентиль: 90%

0.05953

Низкий

5.3 Medium

CVSS3