PT-2018-3419 · Linux+2 · Linux Kernel+2

Yves Younan · Published 2018-08-27 · Updated 2019-10-03 · CVE-2018-10938

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 4.0-rc1 through 4.13-rc4
Description: A flaw in the Linux kernel may cause it to enter an infinite loop in the cipso_v4_optptr() function when a crafted network packet is sent remotely, leading to a denial of service. This issue can be exploited if a certain non-default configuration of LSM (Linux Security Module) and NetLabel is set up on the system.
Recommendations: For Linux kernel versions 4.0-rc1 through 4.13-rc4, as a temporary workaround, consider disabling the cipso_v4_optptr() function until a patch is available. Restrict access to the net/ipv4/cipso_ipv4.c module to minimize the risk of exploitation. Avoid using non-default configurations of LSM and NetLabel that could enable this flaw. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Infinite Loop

Weakness Enumeration

Related Identifiers

BDU:2020-00847
CVE-2018-10938
DLA-1531-1
DSA-4308-1
OPENSUSE-SU-2018_2738-1
OPENSUSE-SU-2018_3071-1
SUSE-SU-2018:2775-1
SUSE-SU-2018:2776-1
SUSE-SU-2018:2858-1
SUSE-SU-2018:2860-1
SUSE-SU-2018:2862-1
SUSE-SU-2018:2864-1
SUSE-SU-2018:2935-1
SUSE-SU-2018:2938-1
SUSE-SU-2018:2940-1
SUSE-SU-2018:2961-1
SUSE-SU-2018:2962-1
SUSE-SU-2018:2963-1
SUSE-SU-2018:2964-1
SUSE-SU-2018:2980-1
SUSE-SU-2018:2981-1
SUSE-SU-2018:3029-1
SUSE-SU-2018:3084-1
SUSE-SU-2018:3961-1
SUSE-SU-2018_2938-1
SUSE-SU-2018_2980-1
SUSE-SU-2018_2981-1
USN-3797-1
USN-3797-2

Affected Products

Linux Kernel
Suse
Ubuntu