Red Hat Bugzilla – Bug 1576419
CVE-2018-1130 kernel: a null pointer dereference in net/dccp/output.c:dccp_write_xmit() leads to a system crash
Last modified: 2018-08-22 06:37:30 EDT
A null pointer dereference in the dccp_write_xmit() function in net/dccp/output.c in the Linux kernel allows a local user to cause a denial of service via a number of crafted system calls.
An upstream patch:
Name: Evgenii Shatokhin (Virtuozzo Team)
This was fixed for Fedora with the 4.16 rebases.
DCCP modules have been blacklisted by default from auto-loading since RHEL-7.5 out of stability and security concerns. This means they won't be automatically loaded when requested by the socket layer - hence the need to load them manually.
Nevertheless, as the DCCP modules themselves are present and could be loaded, future Linux kernel updates for RHEL-6 and RHEL-7 may address this issue.
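A defender-side check for the mitigation described above, added here as an example and not taken from the bug report or from Red Hat: for each DCCP module it reports whether the module is already loaded, only blacklisted from auto-loading, or fully blocked by an `install` override. The function name, the state labels and the default paths are assumptions of this example.

```shell
#!/bin/sh
# dccp_module_state MODULE [CONF_DIR] [PROC_MODULES]   (hypothetical helper)
# Prints one of:
#   loaded       module is in the running kernel
#   blocked      an "install MODULE /bin/true|/bin/false" override stops modprobe
#   blacklisted  auto-loading is off, but a manual modprobe still succeeds
#   loadable     no restriction found in CONF_DIR
dccp_module_state() {
    conf_dir=${2:-/etc/modprobe.d}
    proc_modules=${3:-/proc/modules}
    # modprobe treats '-' and '_' in module names as the same character.
    norm=$(printf '%s' "$1" | sed 'y/-/_/')

    # A loaded module is exposed regardless of what the configuration says.
    if [ -r "$proc_modules" ] &&
       awk -v m="$norm" '$1 == m { f = 1 } END { exit !f }' "$proc_modules"; then
        echo loaded
        return 0
    fi

    state=loadable
    for f in "$conf_dir"/*.conf; do
        [ -r "$f" ] || continue
        r=$(awk -v m="$norm" '
            /^[ \t]*#/ { next }
            { name = $2; gsub(/-/, "_", name) }
            $1 == "blacklist" && name == m { b = 1 }
            $1 == "install" && name == m &&
                $3 ~ /^\/(usr\/)?bin\/(true|false)$/ { i = 1 }
            END { if (i) print "blocked"; else if (b) print "blacklisted" }
        ' "$f")
        case $r in
            blocked)     state=blocked ;;
            blacklisted) [ "$state" = blocked ] || state=blacklisted ;;
        esac
    done
    echo "$state"
}

# Report on the live system. Only /etc/modprobe.d is scanned by default;
# pass /usr/lib/modprobe.d or /run/modprobe.d as CONF_DIR to check those too.
for m in dccp dccp_ipv4 dccp_ipv6 dccp_diag; do
    printf '%-10s %s\n' "$m" "$(dccp_module_state "$m")"
done
```

A result of `blacklisted` corresponds to the default described above: the module will not auto-load, but it is still present and can be loaded manually.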
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2018:1854 https://access.redhat.com/errata/RHSA-2018:1854