CVE-2018-10938 — Infinite Loop in Linux

CWE-835 — Infinite Loop CWE-400 — Uncontrolled Resource Consumption10 documents7 sources

Severity

5.9MEDIUMNVD

EPSS

4.4%

top 11.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Canonical Ubuntu Linux +1 more

Timeline

PublishedAug 27

Latest updateMay 13

Description

A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system before an attacker could leverage this flaw.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

▶Debianlinux/linux_kernel< 4.13.4-1+3

▶Ubuntulinux/linux_kernel< 4.4.0-138.164

▶NVDlinux/linux_kernel14 versions+13

▶debiandebian/linux< linux 4.13.4-1 (bookworm)

Also affects: Debian Linux 9.0, Ubuntu Linux 14.04, 16.04

🔴Vulnerability Details

GHSA

GHSA-c4j8-6xxf-p927: A flaw was found in the Linux kernel present since v4↗2022-05-13

▶

OSV

linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities↗2018-10-23

▶

OSV

linux-lts-xenial, linux-aws vulnerabilities↗2018-10-23

▶

OSV

CVE-2018-10938: A flaw was found in the Linux kernel present since v4↗2018-08-27

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2018-10-23

▶

Ubuntu

Linux kernel (Xenial HWE) vulnerabilities↗2018-10-23

▶

Red Hat

kernel: infinite loop in net/ipv4/cipso_ipv4.c:cipso_v4_optptr() allows for DoS↗2018-08-27

▶

Debian

CVE-2018-10938: linux - A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc...↗2018

▶

💬Community

Bugzilla

CVE-2018-10938 kernel: infinite loop in net/ipv4/cipso_ipv4.c:cipso_v4_optptr() allows for DoS↗2018-08-27

▶