The Linux kernel was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service. References: https://marc.info/?l=linux-netdev&m=151500466401174&w=2 An upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f428fe4a04cc339166c8bbd489789760de3a0cee
Acknowledgments: Name: Christian Brauner
Statement: If you're not running container images, or creating net namepaces exposed to potentially malicious workloads this issue has a security impact of moderate. This issue has an important impact if the system is being used to run container images with untrusted content, such as an OpenShift Container Platform compute node.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:3651 https://access.redhat.com/errata/RHSA-2018:3651
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:3666 https://access.redhat.com/errata/RHSA-2018:3666
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.5 Extended Update Support Via RHSA-2018:3843 https://access.redhat.com/errata/RHSA-2018:3843