CVE-2018-14646

Published: Nov 26, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service.

Affected (15)

Products: Linux: Linux Kernel · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Server Eus, Enterprise Linux Server Tus, Enterprise Linux Workstation

Linux

1 product

Linux Kernel

Redhat

6 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Server Tus

Enterprise Linux Workstation

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Up to 4.14
Linux Linux Kernel	Version 4.15 rc1
Linux Linux Kernel	Version 4.15 rc2
Linux Linux Kernel	Version 4.15 rc3
Linux Linux Kernel	Version 4.15 rc4
Linux Linux Kernel	Version 4.15 rc5
Linux Linux Kernel	Version 4.15 rc6
Linux Linux Kernel	Version 4.15 rc7

Configuration B

7 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Server Aus	Version 7.6
Redhat Enterprise Linux Server Eus	Version 7.5
Redhat Enterprise Linux Server Eus	Version 7.6
Redhat Enterprise Linux Server Tus	Version 7.6
Redhat Enterprise Linux Workstation	Version 7.0