CVE-2018-14641 - OpenCVE

A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configuration of a victim host, an attacker can trigger this crash remotely, thus leading to a remote denial-of-service.

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:M/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel:4.19:rc1::::::
	cpe:2.3:o:linux:linux_kernel:4.19:rc2::::::
	cpe:2.3:o:linux:linux_kernel:4.19:rc3::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
kernel-alt-0:4.14.0-115.el7a	cpe:/o:redhat:enterprise_linux:7	RHSA-2018:2948	2018-10-30T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHSA-2018:2948
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14641
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d407b071dc369c26a38398326ee2be53651cfe4
https://nvd.nist.gov/vuln/detail/CVE-2018-14641
https://seclists.org/oss-sec/2018/q3/248
https://www.cve.org/CVERecord?id=CVE-2018-14641

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2018-09-18T13:00:00

Updated: 2024-08-05T09:38:12.826Z

Reserved: 2018-07-27T00:00:00

Link: CVE-2018-14641

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-09-18T13:29:00.360

Modified: 2019-10-09T23:35:05.187

Link: CVE-2018-14641

Redhat

Severity : Important

Publid Date: 2018-09-18T09:00:00Z

Links: CVE-2018-14641 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "kernel", "vendor": "The Linux Foundation", "versions": [{"status": "affected", "version": "from 4.19-rc1 to 4.19-rc3 inclusive"}]}], "datePublic": "2018-09-18T00:00:00", "descriptions": [{"lang": "en", "value": "A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configuration of a victim host, an attacker can trigger this crash remotely, thus leading to a remote denial-of-service."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-456", "description": "CWE-456", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-10-31T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d407b071dc369c26a38398326ee2be53651cfe4"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14641"}, {"name": "RHSA-2018:2948", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:2948"}, {"name": "[oss-security] 20180918 CVE-2018-14641: Linux kernel: a security flaw in the ip_frag_reasm()", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://seclists.org/oss-sec/2018/q3/248"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-14641", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "kernel", "version": {"version_data": [{"version_value": "from 4.19-rc1 to 4.19-rc3 inclusive"}]}}]}, "vendor_name": "The Linux Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configuration of a victim host, an attacker can trigger this crash remotely, thus leading to a remote denial-of-service."}]}, "impact": {"cvss": [[{"vectorString": "6.5/CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-456"}]}]}, "references": {"reference_data": [{"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d407b071dc369c26a38398326ee2be53651cfe4", "refsource": "CONFIRM", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d407b071dc369c26a38398326ee2be53651cfe4"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14641", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14641"}, {"name": "RHSA-2018:2948", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2948"}, {"name": "[oss-security] 20180918 CVE-2018-14641: Linux kernel: a security flaw in the ip_frag_reasm()", "refsource": "MLIST", "url": "https://seclists.org/oss-sec/2018/q3/248"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T09:38:12.826Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d407b071dc369c26a38398326ee2be53651cfe4"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14641"}, {"name": "RHSA-2018:2948", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:2948"}, {"name": "[oss-security] 20180918 CVE-2018-14641: Linux kernel: a security flaw in the ip_frag_reasm()", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://seclists.org/oss-sec/2018/q3/248"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-14641", "datePublished": "2018-09-18T13:00:00", "dateReserved": "2018-07-27T00:00:00", "dateUpdated": "2024-08-05T09:38:12.826Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:4.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "951F810B-3F44-4EA9-8FC2-1370DC9A59D8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "490A26B2-349C-4C71-AD40-2EA486A34DD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "1A60AAA7-F86C-4D3E-933D-0ECEFE637CEF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configuration of a victim host, an attacker can trigger this crash remotely, thus leading to a remote denial-of-service."}, {"lang": "es", "value": "Se ha encontrado un error de seguridad en la funci\u00f3n ip_frag_reasm() en net/ipv4/ip_fragment.c en el kernel de Linux, desde la versi\u00f3n 4.19-rc1 a la 4.19-rc3, lo que puede provocar un posterior cierre inesperado en ip_do_fragment(). Con ciertas configuraciones que no son por defecto, pero que no son raras, de un host v\u00edctima, un atacante puede desencadenar este cierre remotamente, conduciendo as\u00ed a una denegaci\u00f3n de servicio (DoS) remota."}], "id": "CVE-2018-14641", "lastModified": "2019-10-09T23:35:05.187", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2018-09-18T13:29:00.360", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2948"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14641"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d407b071dc369c26a38398326ee2be53651cfe4"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Mailing List", "Patch", "Third Party Advisory"], "url": "https://seclists.org/oss-sec/2018/q3/248"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-456"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2018:2948", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-alt-0:4.14.0-115.el7a", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2018-10-30T00:00:00Z"}], "bugzilla": {"description": "kernel: a bug in ip_frag_reasm() can cause a crash in ip_do_fragment()", "id": "1629636", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1629636"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-456", "details": ["A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configuration of a victim host, an attacker can trigger this crash remotely, thus leading to a remote denial-of-service.", "A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configuration of a victim host, an attacker can trigger this crash remotely, thus leading to a remote denial of service."], "name": "CVE-2018-14641", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2018-09-18T09:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-14641\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14641"], "threat_severity": "Important", "upstream_fix": "kernel 4.19-rc4"}