CVE-2018-1066: NULL Pointer Dereference in Linux

Severity: 6.5 MEDIUM (NVD)
EPSS: 5.0% (top 10.22%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 2; Latest update May 14

Description

The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (4 packages)

Debian: linux/linux_kernel < 4.11.6-1+3
Ubuntu: linux/linux_kernel < 3.13.0-165.215
NVD: linux/linux_kernel 4.10.15
debian: debian/linux < linux 4.11.6-1 (bookworm)

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 12.04, 14.04

🔴 Vulnerability Details (3)

GHSA: GHSA-32qx-3229-j5m2: The Linux kernel before version 4 (2022-05-14)
OSV: linux vulnerabilities (2019-02-04)
OSV: CVE-2018-1066: The Linux kernel before version 4 (2018-03-02)

📋 Vendor Advisories (4)

Ubuntu: Linux kernel (Trusty HWE) vulnerabilities (2019-02-04)
Ubuntu: Linux kernel vulnerabilities (2019-02-04)
Debian: CVE-2018-1066: linux - The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference... (2018)
Red Hat: kernel: Null pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() when empty TargetInfo is returned in NTLMSSP setup negotiation response allowing to crash client's kernel (2014-10-20)

💬 Community (1)

Bugzilla: CVE-2018-1066 kernel: Null pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() when empty TargetInfo is returned in NTLMSSP setup negotiation response allowing to crash client's kernel (2018-01-29)