Vulnerability Description
A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system before an attacker could leverage this flaw.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | 4.0 |
| Canonical | Ubuntu Linux | 14.04 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- http://seclists.org/oss-sec/2018/q3/179Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/105154Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041569Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10938Issue TrackingThird Party Advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=40Mailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2018/10/msg00003.htmlMailing ListThird Party Advisory
- https://usn.ubuntu.com/3797-1/Third Party Advisory
- https://usn.ubuntu.com/3797-2/Third Party Advisory
- https://www.debian.org/security/2018/dsa-4308Third Party Advisory
- http://seclists.org/oss-sec/2018/q3/179Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/105154Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041569Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10938Issue TrackingThird Party Advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=40Mailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2018/10/msg00003.htmlMailing ListThird Party Advisory
FAQ
What is CVE-2018-10938?
CVE-2018-10938 is a vulnerability with a CVSS score of 5.9 (MEDIUM). A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_...
How severe is CVE-2018-10938?
CVE-2018-10938 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-10938?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux, Debian Debian Linux.