In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.

Metrics

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:L/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Debian
  • Debian Linux
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
  • Enterprise Linux Desktop
  • Enterprise Linux Server
  • Enterprise Linux Workstation
  • Enterprise Mrg
  • Rhel Extras Rt
  • Virtualization Host

Configuration 1 [-]

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 6
kernel-0:2.6.32-754.el6 cpe:/o:redhat:enterprise_linux:6 RHSA-2018:1854 2018-06-19T00:00:00Z
Red Hat Enterprise Linux 7
kernel-rt-0:3.10.0-957.rt56.910.el7 cpe:/a:redhat:rhel_extras_rt:7 RHSA-2018:3096 2018-10-30T00:00:00Z
kernel-alt-0:4.14.0-115.el7a cpe:/o:redhat:enterprise_linux:7 RHSA-2018:2948 2018-10-30T00:00:00Z
kernel-0:3.10.0-957.el7 cpe:/o:redhat:enterprise_linux:7 RHSA-2018:3083 2018-10-30T00:00:00Z
Red Hat Enterprise MRG 2
kernel-rt-1:3.10.0-693.46.1.rt56.639.el6rt cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2019:0641 2019-03-26T00:00:00Z
References
Link Providers
https://access.redhat.com/errata/RHSA-2018:1854 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:2948 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:3083 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:3096 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:0641 cve-icon cve-icon
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.102 cve-icon cve-icon
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.51 cve-icon cve-icon
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.25 cve-icon cve-icon
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.8 cve-icon cve-icon
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.121 cve-icon cve-icon
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.87 cve-icon cve-icon
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2018-5803 cve-icon
https://secuniaresearch.flexerasoftware.com/advisories/81331/ cve-icon cve-icon
https://secuniaresearch.flexerasoftware.com/secunia_research/2018-2/ cve-icon cve-icon
https://usn.ubuntu.com/3654-1/ cve-icon cve-icon
https://usn.ubuntu.com/3654-2/ cve-icon cve-icon
https://usn.ubuntu.com/3656-1/ cve-icon cve-icon
https://usn.ubuntu.com/3697-1/ cve-icon cve-icon
https://usn.ubuntu.com/3697-2/ cve-icon cve-icon
https://usn.ubuntu.com/3698-1/ cve-icon cve-icon
https://usn.ubuntu.com/3698-2/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2018-5803 cve-icon
https://www.debian.org/security/2018/dsa-4187 cve-icon cve-icon
https://www.debian.org/security/2018/dsa-4188 cve-icon cve-icon
https://www.spinics.net/lists/linux-sctp/msg07036.html cve-icon cve-icon
https://www.spinics.net/lists/netdev/msg482523.html cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: flexera

Published: 2018-06-12T16:00:00

Updated: 2024-08-05T05:47:55.973Z

Reserved: 2018-01-19T00:00:00

Link: CVE-2018-5803

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2018-06-12T16:29:00.453

Modified: 2019-03-27T16:17:25.307

Link: CVE-2018-5803

cve-icon Redhat

Severity : Moderate

Publid Date: 2018-02-09T00:00:00Z

Links: CVE-2018-5803 - Bugzilla