CVE-2018-14641

Exploit

EPSS 1.36%
Veröffentlicht 18.09.2018 13:29:00
Zuletzt bearbeitet 21.11.2024 03:49:29
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configuration of a victim host, an attacker can trigger this crash remotely, thus leading to a remote denial-of-service.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version4.19 Updaterc1

Linux ≫ Linux Kernel Version4.19 Updaterc2

Linux ≫ Linux Kernel Version4.19 Updaterc3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.36%	0.794

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.1	8.6	6.9	AV:N/AC:M/Au:N/C:N/I:N/A:C
secalert@redhat.com	6.5	2.8	3.6	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-456 Missing Initialization of a Variable

The product does not initialize critical variables, which causes the execution environment to use unexpected values.

https://access.redhat.com/errata/RHSA-2018:2948

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14641

Patch

Issue Tracking

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d407b071dc369c26a38398326ee2be53651cfe4

Patch

Vendor Advisory

https://seclists.org/oss-sec/2018/q3/248

Patch