CVE-2018-1065

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 4.15.7

Description The netfilter subsystem in the Linux kernel mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP NET RAW or CAP NET ADMIN capability. This issue is related to functions such as arpt do table in net/ipv4/netfilter/arp tables.c, ipt do table in net/ipv4/netfilter/ip tables.c, and ip6t do table in net/ipv6/netfilter/ip6 tables.c.

Recommendations For Linux kernel versions through 4.15.7, consider updating to a version that contains a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting the use of the CAP NET RAW or CAP NET ADMIN capability to minimize the risk of denial of service attacks.