CVE-2018-14641
6.5
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configuration of a victim host, an attacker can trigger this crash remotely, thus leading to a remote denial-of-service.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| The Linux Foundation | kernel | from 4.19-rc1 to 4.19-rc3 inclusive | affected |
Weaknesses
- CWE-456: CWE-456
ADP Enrichment
CVE Program Container
Additional References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d407b071dc369c26a38398326ee2be53651cfe4
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14641
- https://access.redhat.com/errata/RHSA-2018:2948
- https://seclists.org/oss-sec/2018/q3/248
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d407b071dc369c26a38398326ee2be53651cfe4
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14641
- https://access.redhat.com/errata/RHSA-2018:2948
- https://seclists.org/oss-sec/2018/q3/248
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.