Denial of service in Linux Kernel

Published: 2018-01-12 14:02:04
Severity Medium
Patch available YES
Number of vulnerabilities 2
CVSSv2 5.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
3.6 (AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
CVSSv3 7.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
5.6 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE ID CVE-2018-5333
CVE-2018-5332
CWE ID CWE-476
CWE-787
Exploitation vector Network
Public exploit Not available
Vulnerable software Linux kernel
Vulnerable software versions Linux kernel 4.14.1
Linux kernel 4.14.2
Linux kernel 4.14.3
Show more
Vendor URL Linux Foundation
Advisory type Public

Security Advisory

1) Null pointer dereference

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the rds_cmsg_atomic function due to insufficient handling of user-supplied input. A remote attacker can send a specially crafted HTTP request, trigger NULL pointer dereference and cause the system to crash.

Remediation

Install update from vendor's website.

External links

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7d11f77f84b27cef452cee...

2) Heap out-of-bounds write

Description

The vulnerability allows a local attacker to  cause DoS condition on the target system.

The weakness exists in the rds_message_alloc_sgs() function due to improper validation of DMA page allocation values. A local attacker can trigger a heap-based out-of-bounds write and cause the system to crash.

Remediation

Install update from vendor's website.

External links

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c095508770aebf1b9218e7...

Back to List