SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Linux)  >   Linux Kernel Vendors:   kernel.org
Linux Kernel Bug in cipso_v4_optptr() Lets Remote Users Deny Service
SecurityTracker Alert ID:  1041569
SecurityTracker URL:  http://securitytracker.com/id/1041569
CVE Reference:   CVE-2018-10938   (Links to External Site)
Date:  Aug 27 2018
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 4.0-rc1 through 4.13-rc4
Description:   A vulnerability was reported in the Linux kernel. A remote user can cause denial of service conditions on the target system.

A remote user can send specially crafted data to trigger an infinite loop in the cipso_v4_optptr() function in 'net/ipv4/cipso_ipv4.c'.
Impact:   A remote user can cause the kernel to enter an infinite loop.
Solution:   The vendor has issued a source code fix, available at:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=40413955ee265a5e42f710940ec78f5450d49149
Vendor URL:  www.kernel.org/ (Links to External Site)
Cause:   State error

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 5 2018 (Oracle Issues Fix for Oracle Linux) Linux Kernel Bug in cipso_v4_optptr() Lets Remote Users Deny Service
Oracle has issued a fix for Oracle Linux 6 and 7.
Oct 23 2018 (Ubuntu Issues Fix) Linux Kernel Bug in cipso_v4_optptr() Lets Remote Users Deny Service
Ubuntu has issued a fix for Ubuntu Linux 16.04 LTS.


 Source Message Contents
Subject:  [oss-security] CVE-2018-10938: Linux kernel: net: infinite loop in net/ipv4/cipso_ipv4.c:cipso_v4_optptr() allows a remote DoS

Heololo,

A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4.
A crafted network packet sent remotely by an attacker may force the kernel to enter
an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading
to a denial-of-service.

All the kernels with the cipso_v4_optptr() function which have not backported
the upstream commit 40413955ee26 are vulnerable.

Thanks to Yves Younan from Cisco for mentioning this.

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1622404

Upstream Patch introduced the flaw:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04f81f0154e4bf002be6f4d85668ce1257efa4d9

Upstream Patch fixed the flaw:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=40413955ee265a5e42f710940ec78f5450d49149

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC