Main Vulnerability Database SB2018121814

SB2018121814 - Red Hat update for kernel

Published: December 18, 2018

Security Bulletin ID SB2018121814

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2018-14646)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists due to NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker can trigger NULL pointer dereference when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service.

Remediation

Install update from vendor's website.

References

https://access.redhat.com/errata/RHSA-2018:3843