CVE-2018-1130: NULL Pointer Dereference in Kernel

Severity
NVD: 5.5 MEDIUM
OSV: 7.1
EPSS: 0.0% (top 86.24%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: May 10
Latest update: May 13

Description

The Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in the dccp_write_xmit() function in net/dccp/output.c that allows a local user to cause a denial of service via a number of certain crafted system calls.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (7 packages)

NVD: linux/linux_kernel < 4.16 (+1)
Debian: linux/linux_kernel < 4.15.17-1 (+3)
Ubuntu: linux/linux_kernel < 3.13.0-153.203 (+1)
debian: debian/linux < linux 4.15.17-1 (bookworm)

Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 14.04, 16.04

🔴 Vulnerability Details (7)

GHSA: GHSA-97cw-x85w-v9jc: Linux kernel before version 4 (2022-05-13)
OSV: linux vulnerabilities (2018-07-02)
OSV: linux-oem vulnerabilities (2018-07-02)
OSV: linux, linux-aws, linux-kvm, vulnerabilities (2018-05-22)
OSV: linux-lts-xenial, linux-aws vulnerabilities (2018-05-22)

📋 Vendor Advisories (9)

Ubuntu: Linux kernel vulnerabilities (2018-07-02)
Ubuntu: Linux kernel vulnerabilities (2018-07-02)
Ubuntu: Linux kernel (Trusty HWE) vulnerabilities (2018-07-02)
Ubuntu: Linux kernel (OEM) vulnerabilities (2018-07-02)
Ubuntu: Linux kernel vulnerabilities (2018-05-22)

💬 Community (1)

Bugzilla: CVE-2018-1130 kernel: a null pointer dereference in net/dccp/output.c:dccp_write_xmit() leads to a system crash (2018-05-09)