CVE-2018-7492NULL Pointer Dereference in Kernel

CWE-476NULL Pointer Dereference17 documents7 sources
Severity
5.5MEDIUMNVD
OSV7.8OSV6.7OSV4.7
EPSS
0.1%
top 78.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Linux KernelDebian LinuxCanonical Ubuntu Linux+1 more
Timeline
PublishedFeb 26
Latest updateMay 14

Description

A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel< 4.14.7
Debianlinux/linux_kernel< 4.14.7-1+3
Ubuntulinux/linux_kernel< 3.13.0-151.201+1
debiandebian/linux< linux 4.14.7-1 (bookworm)

Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 12.04, 14.04, 16.04, 17.10

Patches

Patch: git.kernel.orgPatch: github.comPatch: patchwork.kernel.org

🔴Vulnerability Details

6
GHSA
GHSA-w26q-7wf7-m5ph: A NULL pointer dereference was found in the net/rds/rdma2022-05-14
OSV
linux-hwe, linux-gcp, linux-oem vulnerabilities2018-06-12
OSV
linux vulnerabilities2018-06-11
OSV
linux-lts-xenial, linux-aws vulnerabilities2018-04-05
OSV
linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities2018-04-04

📋Vendor Advisories

8
Ubuntu
Linux kernel (HWE) vulnerabilities2018-06-12
Ubuntu
Linux kernel vulnerabilities2018-06-11
Ubuntu
Linux kernel vulnerabilities2018-06-11
Ubuntu
Linux kernel (Trusty HWE) vulnerabilities2018-06-11
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities2018-04-05

💬Community

2
Bugzilla
CVE-2018-7492 kernel: Null pointer dereference in net/rds/rdma.c:__rds_rdma_map() allowing local attackers to cause denial-of-service2017-12-19
Bugzilla
CVE-2018-7492 kernel: Null pointer dereference in net/rds/rdma.c:__rds_rdma_map() allowing local attackers to cause denial-of-service [fedora-all]2017-12-19