CVE-2018-10938
high-risk
Published 2018-08-27
A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system before an attacker could leverage this flaw.
Do I need to act?
~
4.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.9/10
Medium
NETWORK
/ HIGH complexity
Affected Products (20)
References (18)
Mailing List
http://seclists.org/oss-sec/2018/q3/179
Third Party Advisory
http://www.securityfocus.com/bid/105154
Third Party Advisory
http://www.securitytracker.com/id/1041569
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10938
Third Party Advisory
https://usn.ubuntu.com/3797-1/
Third Party Advisory
https://usn.ubuntu.com/3797-2/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4308
Mailing List
http://seclists.org/oss-sec/2018/q3/179
Third Party Advisory
http://www.securityfocus.com/bid/105154
Third Party Advisory
http://www.securitytracker.com/id/1041569
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10938
Third Party Advisory
https://usn.ubuntu.com/3797-1/
Third Party Advisory
https://usn.ubuntu.com/3797-2/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4308
57
/ 100
high-risk
Severity
18/34 · Moderate
Exploitability
8/34 · Low
Exposure
31/34 · Critical