[email protected]NVD:CVE-2018-1130

HistoryMay 10, 2018 - 1:29 p.m.

CVE-2018-1130

2018-05-1013:29:00

CWE-476

[email protected]

web.nvd.nist.gov

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.1%

JSON

Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.

Affected configurations

NVD

Node

linuxlinux_kernelRange<4.16

linuxlinux_kernelMatch4.16rc1

linuxlinux_kernelMatch4.16rc2

linuxlinux_kernelMatch4.16rc3

linuxlinux_kernelMatch4.16rc4

linuxlinux_kernelMatch4.16rc5

linuxlinux_kernelMatch4.16rc6

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

Node

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch16.04lts

Node

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_workstationMatch7.0

References

access.redhat.com/errata/RHSA-2018:1854

access.redhat.com/errata/RHSA-2018:3083

access.redhat.com/errata/RHSA-2018:3096

bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1130

git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67f93df79aeefc3add4e4b31a752600f834236e2

lists.debian.org/debian-lts-announce/2018/06/msg00000.html

lists.debian.org/debian-lts-announce/2018/07/msg00015.html

lists.debian.org/debian-lts-announce/2018/07/msg00016.html

lists.debian.org/debian-lts-announce/2018/07/msg00020.html

marc.info/?l=linux-netdev&m=152036596825220&w=2

syzkaller.appspot.com/bug?id=833568de043e0909b2aeaef7be136db39d21ba94

usn.ubuntu.com/3654-1/

usn.ubuntu.com/3654-2/

usn.ubuntu.com/3656-1/

usn.ubuntu.com/3697-1/

usn.ubuntu.com/3697-2/

usn.ubuntu.com/3698-1/

usn.ubuntu.com/3698-2/

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.1%

JSON

Related for NVD:CVE-2018-1130

prion1 redhatcve1 f51 cve1 veracode1 debiancve1 cvelist1 ubuntucve1 openvas29 nessus47 debian4 osv3 virtuozzo3 ubuntu7 oraclelinux5 mageia3 suse2 photon2 cloudfoundry1 centos2 redhat3 ibm1