Bug 1630124 (CVE-2018-14646)
Summary: | CVE-2018-14646 kernel: NULL pointer dereference in af_netlink.c:__netlink_ns_capable() allows for denial of service | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Sam Fowler <sfowler> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | abhgupta, acaringi, airlied, aquini, bhu, blc, brdeoliv, bskeggs, dbaker, dhoward, dvlasenk, ewk, fhrbata, hdegoede, hkrzesin, hwkernel-mgr, iboverma, ichavero, itamar, jarodwilson, jbenc, jforbes, jglisse, jkacur, john.j5live, jokerman, jonathan, josef, jross, jshepherd, jstancek, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, matt, mchehab, mcressma, mjg59, mlangsdo, mmilgram, nmurray, plougher, rt-maint, rvrbovsk, security-response-team, sfowler, skozina, smeisner, steved, sthangav, trankin, vdronov, williams |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | kernel 4.15-rc8 | Doc Type: | If docs needed, set a value |
Doc Text: |
The Linux kernel was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-06-10 10:38:16 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1656636, 1629907, 1630693, 1630694, 1639635, 1640162, 1640163, 1647813, 1695836 | ||
Bug Blocks: | 1630126 |
Description
Sam Fowler
2018-09-18 03:15:58 UTC
Acknowledgments: Name: Christian Brauner Statement: If you're not running container images, or creating net namepaces exposed to potentially malicious workloads this issue has a security impact of moderate. This issue has an important impact if the system is being used to run container images with untrusted content, such as an OpenShift Container Platform compute node. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:3651 https://access.redhat.com/errata/RHSA-2018:3651 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:3666 https://access.redhat.com/errata/RHSA-2018:3666 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.5 Extended Update Support Via RHSA-2018:3843 https://access.redhat.com/errata/RHSA-2018:3843 |