PT-2018-2962 · Linux+3 · Linux Kernel+3

Christian Brauner

Published

2017-12-08

Updated

2019-10-09

CVE-2018-14646

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.15-rc8

Description The issue is related to a NULL pointer dereference bug in the netlink ns capable() function, located in the net/netlink/af netlink.c file. A local attacker could exploit this bug when a net namespace with a netnsid is assigned, potentially causing a kernel panic and a denial of service.

Recommendations For Linux kernel versions prior to 4.15-rc8, update to version 4.15-rc8 or later to resolve the issue. As a temporary workaround, consider restricting access to the netlink ns capable() function to minimize the risk of exploitation.

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2017-2771

ALT-PU-2018-1991

BDU:2019-02785

CESA-2018_3651

CVE-2018-14646

RHSA-2018:3651

RHSA-2018:3666

RHSA-2018:3843

RHSA-2018_3651

RHSA-2018_3666

Affected Products

Alt Linux

Centos

Linux Kernel

Red Hat

PT-2018-2962 · Linux+3 · Linux Kernel+3

CVE-2018-14646

Weakness Enumeration

Related Identifiers

Affected Products

References · 13