CVE-2018-14641

moderate-risk

Published 2018-09-18

A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configuration of a victim host, an attacker can trigger this crash remotely, thus leading to a remote denial-of-service.

Do I need to act?

1.4% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

ADJACENT_NETWORK / LOW complexity

Affected Products (3)

Linux Kernel

Affected Vendors

Linux

References (8)

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2948

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14641

Patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d...

Exploit https://seclists.org/oss-sec/2018/q3/248

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2948

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14641

Patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d...

Exploit https://seclists.org/oss-sec/2018/q3/248

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 4/34 · Minimal

Exposure 9/34 · Low