7.1

CVE-2018-10938

A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system before an attacker could leverage this flaw.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version4.0
LinuxLinux Kernel Version4.0 Updaterc1
LinuxLinux Kernel Version4.0 Updaterc2
LinuxLinux Kernel Version4.0 Updaterc3
LinuxLinux Kernel Version4.0 Updaterc4
LinuxLinux Kernel Version4.0 Updaterc5
LinuxLinux Kernel Version4.0 Updaterc6
LinuxLinux Kernel Version4.0 Updaterc7
LinuxLinux Kernel Version4.1
LinuxLinux Kernel Version4.1 Updaterc1
LinuxLinux Kernel Version4.1 Updaterc2
LinuxLinux Kernel Version4.1 Updaterc3
LinuxLinux Kernel Version4.1 Updaterc4
LinuxLinux Kernel Version4.1 Updaterc5
LinuxLinux Kernel Version4.1 Updaterc6
LinuxLinux Kernel Version4.1 Updaterc7
LinuxLinux Kernel Version4.1 Updaterc8
LinuxLinux Kernel Version4.2
LinuxLinux Kernel Version4.2 Updaterc1
LinuxLinux Kernel Version4.2 Updaterc2
LinuxLinux Kernel Version4.2 Updaterc3
LinuxLinux Kernel Version4.2 Updaterc4
LinuxLinux Kernel Version4.2 Updaterc5
LinuxLinux Kernel Version4.2 Updaterc6
LinuxLinux Kernel Version4.2 Updaterc7
LinuxLinux Kernel Version4.2 Updaterc8
LinuxLinux Kernel Version4.3
LinuxLinux Kernel Version4.3 Updaterc1
LinuxLinux Kernel Version4.3 Updaterc2
LinuxLinux Kernel Version4.3 Updaterc3
LinuxLinux Kernel Version4.3 Updaterc4
LinuxLinux Kernel Version4.3 Updaterc5
LinuxLinux Kernel Version4.3 Updaterc6
LinuxLinux Kernel Version4.3 Updaterc7
LinuxLinux Kernel Version4.4
LinuxLinux Kernel Version4.4 Updaterc1
LinuxLinux Kernel Version4.4 Updaterc2
LinuxLinux Kernel Version4.4 Updaterc3
LinuxLinux Kernel Version4.4 Updaterc4
LinuxLinux Kernel Version4.4 Updaterc5
LinuxLinux Kernel Version4.4 Updaterc6
LinuxLinux Kernel Version4.4 Updaterc7
LinuxLinux Kernel Version4.4 Updaterc8
LinuxLinux Kernel Version4.5
LinuxLinux Kernel Version4.5 Updaterc1
LinuxLinux Kernel Version4.5 Updaterc2
LinuxLinux Kernel Version4.5 Updaterc3
LinuxLinux Kernel Version4.5 Updaterc4
LinuxLinux Kernel Version4.5 Updaterc5
LinuxLinux Kernel Version4.5 Updaterc6
LinuxLinux Kernel Version4.5 Updaterc7
LinuxLinux Kernel Version4.6
LinuxLinux Kernel Version4.6 Updaterc1
LinuxLinux Kernel Version4.6 Updaterc2
LinuxLinux Kernel Version4.6 Updaterc3
LinuxLinux Kernel Version4.6 Updaterc4
LinuxLinux Kernel Version4.6 Updaterc5
LinuxLinux Kernel Version4.6 Updaterc6
LinuxLinux Kernel Version4.6 Updaterc7
LinuxLinux Kernel Version4.7
LinuxLinux Kernel Version4.7 Updaterc1
LinuxLinux Kernel Version4.7 Updaterc2
LinuxLinux Kernel Version4.7 Updaterc3
LinuxLinux Kernel Version4.7 Updaterc4
LinuxLinux Kernel Version4.7 Updaterc5
LinuxLinux Kernel Version4.7 Updaterc6
LinuxLinux Kernel Version4.7 Updaterc7
LinuxLinux Kernel Version4.8
LinuxLinux Kernel Version4.8 Updaterc1
LinuxLinux Kernel Version4.8 Updaterc2
LinuxLinux Kernel Version4.8 Updaterc3
LinuxLinux Kernel Version4.8 Updaterc4
LinuxLinux Kernel Version4.8 Updaterc5
LinuxLinux Kernel Version4.8 Updaterc6
LinuxLinux Kernel Version4.8 Updaterc7
LinuxLinux Kernel Version4.8 Updaterc8
LinuxLinux Kernel Version4.9
LinuxLinux Kernel Version4.9 Updaterc1
LinuxLinux Kernel Version4.9 Updaterc2
LinuxLinux Kernel Version4.9 Updaterc3
LinuxLinux Kernel Version4.9 Updaterc4
LinuxLinux Kernel Version4.9 Updaterc5
LinuxLinux Kernel Version4.9 Updaterc6
LinuxLinux Kernel Version4.9 Updaterc7
LinuxLinux Kernel Version4.9 Updaterc8
LinuxLinux Kernel Version4.10
LinuxLinux Kernel Version4.10 Updaterc1
LinuxLinux Kernel Version4.10 Updaterc2
LinuxLinux Kernel Version4.10 Updaterc3
LinuxLinux Kernel Version4.10 Updaterc4
LinuxLinux Kernel Version4.10 Updaterc5
LinuxLinux Kernel Version4.10 Updaterc6
LinuxLinux Kernel Version4.10 Updaterc7
LinuxLinux Kernel Version4.10 Updaterc8
LinuxLinux Kernel Version4.11
LinuxLinux Kernel Version4.11 Updaterc1
LinuxLinux Kernel Version4.11 Updaterc2
LinuxLinux Kernel Version4.11 Updaterc3
LinuxLinux Kernel Version4.11 Updaterc4
LinuxLinux Kernel Version4.11 Updaterc5
LinuxLinux Kernel Version4.11 Updaterc6
LinuxLinux Kernel Version4.11 Updaterc7
LinuxLinux Kernel Version4.11 Updaterc8
LinuxLinux Kernel Version4.12
LinuxLinux Kernel Version4.12 Updaterc1
LinuxLinux Kernel Version4.12 Updaterc2
LinuxLinux Kernel Version4.12 Updaterc3
LinuxLinux Kernel Version4.12 Updaterc4
LinuxLinux Kernel Version4.12 Updaterc5
LinuxLinux Kernel Version4.12 Updaterc6
LinuxLinux Kernel Version4.12 Updaterc7
LinuxLinux Kernel Version4.13 Updaterc1
LinuxLinux Kernel Version4.13 Updaterc2
LinuxLinux Kernel Version4.13 Updaterc3
LinuxLinux Kernel Version4.13 Updaterc4
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
DebianDebian Linux Version9.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5% 0.911
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.1 8.6 6.9
AV:N/AC:M/Au:N/C:N/I:N/A:C
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html
Third Party Advisory
Mailing List
https://www.debian.org/security/2018/dsa-4308
Third Party Advisory
https://usn.ubuntu.com/3797-1/
Third Party Advisory
https://usn.ubuntu.com/3797-2/
Third Party Advisory
http://seclists.org/oss-sec/2018/q3/179
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/105154
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041569
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10938
Third Party Advisory
Issue Tracking
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=40413955ee265a5e42f710940ec78f5450d49149
Third Party Advisory
Mailing List