The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via vectors involving in-kernel TLS implementation. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. References: https://groups.google.com/forum/#!msg/syzkaller-bugs/0PBeVnSzfqQ/5eXAlM46BQAJ https://patchwork.ozlabs.org/patch/801530/
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1535111]
Statement: This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, and 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. The code of in-kernel TLS implementation with the flaw is not enabled and is not built in the products listed.