CVE-2018-10938

Advisory lineage Upstream: 0 Downstream: 24
Modified
Published: 27 Aug 2018, 13:00
Last modified: 05 Aug 2024, 07:54

Vulnerability Summary

Overall Risk (default): medium, 29/100
CVSS Score: 7.1 HIGH, v2.0 (nvd)
EPSS Score: 4.37% LOW
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected

Timeline

27 Aug 2018, 13:00: Published (vulnerability first disclosed)
05 Aug 2024, 07:54: Last Modified (vulnerability information updated)

Description

A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system before an attacker could leverage this flaw.

CVSS Metrics

  • v3.0: MEDIUM, Score: 5.9, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • v2.0: HIGH, Score: 7.1, AV:N/AC:M/Au:N/C:N/I:N/A:C

EPSS Trends

Current EPSS score: 4.37% Percentile: 89%

Techniques & Countermeasures

  • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

    The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Systems

  • canonical ubuntu_linux

    14.04 | 16.04

  • debian debian_linux

    9.0

  • linux linux_kernel

    4.0 | 4.0:rc1 | 4.0:rc2 | 4.0:rc3 | 4.0:rc4 | 4.0:rc5 | 4.0:rc6 | 4.0:rc7 | 4.1 | 4.1:rc1 | 4.1:rc2 | 4.1:rc3 | 4.1:rc4 | 4.1:rc5 | 4.1:rc6 | 4.1:rc7 | 4.1:rc8 | 4.2 | 4.2:rc1 | 4.2:rc2 | 4.2:rc3 | 4.2:rc4 | 4.2:rc5 | 4.2:rc6 | 4.2:rc7 | 4.2:rc8 | 4.3 | 4.3:rc1 | 4.3:rc2 | 4.3:rc3 | 4.3:rc4 | 4.3:rc5 | 4.3:rc6 | 4.3:rc7 | 4.4 | 4.4:rc1 | 4.4:rc2 | 4.4:rc3 | 4.4:rc4 | 4.4:rc5 | 4.4:rc6 | 4.4:rc7 | 4.4:rc8 | 4.5 | 4.5:rc1 | 4.5:rc2 | 4.5:rc3 | 4.5:rc4 | 4.5:rc5 | 4.5:rc6 | 4.5:rc7 | 4.6 | 4.6:rc1 | 4.6:rc2 | 4.6:rc3 | 4.6:rc4 | 4.6:rc5 | 4.6:rc6 | 4.6:rc7 | 4.7 | 4.7:rc1 | 4.7:rc2 | 4.7:rc3 | 4.7:rc4 | 4.7:rc5 | 4.7:rc6 | 4.7:rc7 | 4.8 | 4.8:rc1 | 4.8:rc2 | 4.8:rc3 | 4.8:rc4 | 4.8:rc5 | 4.8:rc6 | 4.8:rc7 | 4.8:rc8 | 4.9 | 4.9:rc1 | 4.9:rc2 | 4.9:rc3 | 4.9:rc4 | 4.9:rc5 | 4.9:rc6 | 4.9:rc7 | 4.9:rc8 | 4.10 | 4.10:rc1 | 4.10:rc2 | 4.10:rc3 | 4.10:rc4 | 4.10:rc5 | 4.10:rc6 | 4.10:rc7 | 4.10:rc8 | 4.11 | 4.11:rc1 | 4.11:rc2 | 4.11:rc3 | 4.11:rc4 | 4.11:rc5 | 4.11:rc6 | 4.11:rc7 | 4.11:rc8 | 4.1.2 | 4.12:rc1 | 4.12:rc2 | 4.12:rc3 | 4.12:rc4 | 4.12:rc5 | 4.12:rc6 | 4.12:rc7 | 4.13:rc1 | 4.13:rc2 | 4.13:rc3 | 4.13:rc4

References (9)