QwikSec

Security Database

CVE

CWE

Training

CVE-2018-10938

Published: Aug 27, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system before an attacker could leverage this flaw.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20180827 CVE-2018-10938: Linux kernel: net: infinite loop in net/ipv4/cipso_ipv4.c:cipso_v4_optptr() allows a remote DoS

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=40413955ee265a5e42f710940ec78f5450d49149

x_refsource_CONFIRM

[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_SECTRACK

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10938

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.