Bug 1630124 (CVE-2018-14646) - CVE-2018-14646 kernel: NULL pointer dereference in af_netlink.c:__netlink_ns_capable() allows for denial of service
Summary: CVE-2018-14646 kernel: NULL pointer dereference in af_netlink.c:__netlink_ns_...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2018-14646
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1656636 1629907 1630693 1630694 1639635 1640162 1640163 1647813 1695836
Blocks: 1630126
TreeView+ depends on / blocked
 
Reported: 2018-09-18 03:15 UTC by Sam Fowler
Modified: 2021-02-16 23:02 UTC (History)
56 users (show)

Fixed In Version: kernel 4.15-rc8
Doc Type: If docs needed, set a value
Doc Text:
The Linux kernel was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service.
Clone Of:
Environment:
Last Closed: 2019-06-10 10:38:16 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:3651 0 None None None 2018-11-27 01:20:19 UTC
Red Hat Product Errata RHSA-2018:3666 0 None None None 2018-11-27 01:20:55 UTC
Red Hat Product Errata RHSA-2018:3843 0 None None None 2018-12-18 14:45:01 UTC

Description Sam Fowler 2018-09-18 03:15:58 UTC
The Linux kernel was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service.

References:

https://marc.info/?l=linux-netdev&m=151500466401174&w=2

An upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f428fe4a04cc339166c8bbd489789760de3a0cee

Comment 6 Jason Shepherd 2018-09-19 22:55:46 UTC
Acknowledgments:

Name: Christian Brauner

Comment 8 Jason Shepherd 2018-09-21 01:28:20 UTC
Statement:

If you're not running container images, or creating net namepaces exposed to potentially malicious workloads this issue has a security impact of moderate. This issue has an important impact if the system is being used to run container images with untrusted content, such as an OpenShift Container Platform compute node.

Comment 12 errata-xmlrpc 2018-11-27 01:19:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:3651 https://access.redhat.com/errata/RHSA-2018:3651

Comment 13 errata-xmlrpc 2018-11-27 01:20:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:3666 https://access.redhat.com/errata/RHSA-2018:3666

Comment 15 errata-xmlrpc 2018-12-18 14:44:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2018:3843 https://access.redhat.com/errata/RHSA-2018:3843


Note You need to log in before you can comment on or make changes to this bug.