Linux Kernel Bug in cipso_v4_optptr() Lets Remote Users Deny Service
|
SecurityTracker Alert ID: 1041569 |
SecurityTracker URL: http://securitytracker.com/id/1041569
|
CVE Reference:
CVE-2018-10938
(Links to External Site)
|
Date: Aug 27 2018
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 4.0-rc1 through 4.13-rc4
|
Description:
A vulnerability was reported in the Linux kernel. A remote user can cause denial of service conditions on the target system.
A remote user can send specially crafted data to trigger an infinite loop in the cipso_v4_optptr() function in 'net/ipv4/cipso_ipv4.c'.
|
Impact:
A remote user can cause the kernel to enter an infinite loop.
|
Solution:
The vendor has issued a source code fix, available at:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=40413955ee265a5e42f710940ec78f5450d49149
|
Vendor URL: www.kernel.org/ (Links to External Site)
|
Cause:
State error
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Subject: [oss-security] CVE-2018-10938: Linux kernel: net: infinite loop in net/ipv4/cipso_ipv4.c:cipso_v4_optptr() allows a remote DoS
|
Heololo,
A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4.
A crafted network packet sent remotely by an attacker may force the kernel to enter
an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading
to a denial-of-service.
All the kernels with the cipso_v4_optptr() function which have not backported
the upstream commit 40413955ee26 are vulnerable.
Thanks to Yves Younan from Cisco for mentioning this.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1622404
Upstream Patch introduced the flaw:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04f81f0154e4bf002be6f4d85668ce1257efa4d9
Upstream Patch fixed the flaw:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=40413955ee265a5e42f710940ec78f5450d49149
Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer
|
|