CVE-2018-10938

A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system before an attacker could leverage this flaw.
Infinite Loop
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
linuxlinux_kernel
4.0
linuxlinux_kernel
4.0:rc1
linuxlinux_kernel
4.0:rc2
linuxlinux_kernel
4.0:rc3
linuxlinux_kernel
4.0:rc4
linuxlinux_kernel
4.0:rc5
linuxlinux_kernel
4.0:rc6
linuxlinux_kernel
4.0:rc7
linuxlinux_kernel
4.1
linuxlinux_kernel
4.1:rc1
linuxlinux_kernel
4.1:rc2
linuxlinux_kernel
4.1:rc3
linuxlinux_kernel
4.1:rc4
linuxlinux_kernel
4.1:rc5
linuxlinux_kernel
4.1:rc6
linuxlinux_kernel
4.1:rc7
linuxlinux_kernel
4.1:rc8
linuxlinux_kernel
4.2
linuxlinux_kernel
4.2:rc1
linuxlinux_kernel
4.2:rc2
linuxlinux_kernel
4.2:rc3
linuxlinux_kernel
4.2:rc4
linuxlinux_kernel
4.2:rc5
linuxlinux_kernel
4.2:rc6
linuxlinux_kernel
4.2:rc7
linuxlinux_kernel
4.2:rc8
linuxlinux_kernel
4.3
linuxlinux_kernel
4.3:rc1
linuxlinux_kernel
4.3:rc2
linuxlinux_kernel
4.3:rc3
linuxlinux_kernel
4.3:rc4
linuxlinux_kernel
4.3:rc5
linuxlinux_kernel
4.3:rc6
linuxlinux_kernel
4.3:rc7
linuxlinux_kernel
4.4
linuxlinux_kernel
4.4:rc1
linuxlinux_kernel
4.4:rc2
linuxlinux_kernel
4.4:rc3
linuxlinux_kernel
4.4:rc4
linuxlinux_kernel
4.4:rc5
linuxlinux_kernel
4.4:rc6
linuxlinux_kernel
4.4:rc7
linuxlinux_kernel
4.4:rc8
linuxlinux_kernel
4.5
linuxlinux_kernel
4.5:rc1
linuxlinux_kernel
4.5:rc2
linuxlinux_kernel
4.5:rc3
linuxlinux_kernel
4.5:rc4
linuxlinux_kernel
4.5:rc5
linuxlinux_kernel
4.5:rc6
linuxlinux_kernel
4.5:rc7
linuxlinux_kernel
4.6
linuxlinux_kernel
4.6:rc1
linuxlinux_kernel
4.6:rc2
linuxlinux_kernel
4.6:rc3
linuxlinux_kernel
4.6:rc4
linuxlinux_kernel
4.6:rc5
linuxlinux_kernel
4.6:rc6
linuxlinux_kernel
4.6:rc7
linuxlinux_kernel
4.7
linuxlinux_kernel
4.7:rc1
linuxlinux_kernel
4.7:rc2
linuxlinux_kernel
4.7:rc3
linuxlinux_kernel
4.7:rc4
linuxlinux_kernel
4.7:rc5
linuxlinux_kernel
4.7:rc6
linuxlinux_kernel
4.7:rc7
linuxlinux_kernel
4.8
linuxlinux_kernel
4.8:rc1
linuxlinux_kernel
4.8:rc2
linuxlinux_kernel
4.8:rc3
linuxlinux_kernel
4.8:rc4
linuxlinux_kernel
4.8:rc5
linuxlinux_kernel
4.8:rc6
linuxlinux_kernel
4.8:rc7
linuxlinux_kernel
4.8:rc8
linuxlinux_kernel
4.9
linuxlinux_kernel
4.9:rc1
linuxlinux_kernel
4.9:rc2
linuxlinux_kernel
4.9:rc3
linuxlinux_kernel
4.9:rc4
linuxlinux_kernel
4.9:rc5
linuxlinux_kernel
4.9:rc6
linuxlinux_kernel
4.9:rc7
linuxlinux_kernel
4.9:rc8
linuxlinux_kernel
4.10
linuxlinux_kernel
4.10:rc1
linuxlinux_kernel
4.10:rc2
linuxlinux_kernel
4.10:rc3
linuxlinux_kernel
4.10:rc4
linuxlinux_kernel
4.10:rc5
linuxlinux_kernel
4.10:rc6
linuxlinux_kernel
4.10:rc7
linuxlinux_kernel
4.10:rc8
linuxlinux_kernel
4.11
linuxlinux_kernel
4.11:rc1
linuxlinux_kernel
4.11:rc2
linuxlinux_kernel
4.11:rc3
linuxlinux_kernel
4.11:rc4
linuxlinux_kernel
4.11:rc5
linuxlinux_kernel
4.11:rc6
linuxlinux_kernel
4.11:rc7
linuxlinux_kernel
4.11:rc8
linuxlinux_kernel
4.12
linuxlinux_kernel
4.12:rc1
linuxlinux_kernel
4.12:rc2
linuxlinux_kernel
4.12:rc3
linuxlinux_kernel
4.12:rc4
linuxlinux_kernel
4.12:rc5
linuxlinux_kernel
4.12:rc6
linuxlinux_kernel
4.12:rc7
linuxlinux_kernel
4.13:rc1
linuxlinux_kernel
4.13:rc2
linuxlinux_kernel
4.13:rc3
linuxlinux_kernel
4.13:rc4
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
fixed
jessie
not-affected
bullseye (security)
5.10.226-1
fixed
bookworm
6.1.106-3
fixed
bookworm (security)
6.1.112-1
fixed
trixie
6.11.5-1
fixed
sid
6.11.6-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
linux
cosmic
not-affected
bionic
not-affected
xenial
Fixed 4.4.0-138.164
released
trusty
not-affected
linux-aws
cosmic
not-affected
bionic
not-affected
xenial
Fixed 4.4.0-1070.80
released
trusty
Fixed 4.4.0-1032.35
released
linux-azure
cosmic
not-affected
bionic
not-affected
xenial
Fixed 4.13.0-1005.7
released
trusty
not-affected
linux-azure-edge
cosmic
dne
bionic
not-affected
xenial
not-affected
trusty
dne
linux-euclid
cosmic
dne
bionic
dne
xenial
ignored
trusty
dne
linux-flo
cosmic
dne
bionic
dne
xenial
ignored
trusty
dne
linux-gcp
cosmic
not-affected
bionic
not-affected
xenial
Fixed 4.13.0-1002.5
released
trusty
dne
linux-gke
cosmic
dne
bionic
dne
xenial
ignored
trusty
dne
linux-goldfish
cosmic
dne
bionic
dne
xenial
ignored
trusty
dne
linux-grouper
cosmic
dne
bionic
dne
xenial
dne
trusty
dne
linux-hwe
cosmic
dne
bionic
not-affected
xenial
Fixed 4.13.0-26.29~16.04.2
released
trusty
dne
linux-hwe-edge
cosmic
dne
bionic
not-affected
xenial
Fixed 4.13.0-26.29~16.04.2
released
trusty
dne
linux-kvm
cosmic
not-affected
bionic
not-affected
xenial
Fixed 4.4.0-1036.42
released
trusty
dne
linux-lts-trusty
cosmic
dne
bionic
dne
xenial
dne
trusty
dne
linux-lts-utopic
cosmic
dne
bionic
dne
xenial
dne
trusty
dne
linux-lts-vivid
cosmic
dne
bionic
dne
xenial
dne
trusty
dne
linux-lts-wily
cosmic
dne
bionic
dne
xenial
dne
trusty
dne
linux-lts-xenial
cosmic
dne
bionic
dne
xenial
dne
trusty
Fixed 4.4.0-138.164~14.04.1
released
linux-maguro
cosmic
dne
bionic
dne
xenial
dne
trusty
dne
linux-mako
cosmic
dne
bionic
dne
xenial
ignored
trusty
dne
linux-manta
cosmic
dne
bionic
dne
xenial
dne
trusty
dne
linux-oem
cosmic
not-affected
bionic
not-affected
xenial
not-affected
trusty
dne
linux-raspi2
cosmic
not-affected
bionic
not-affected
xenial
Fixed 4.4.0-1099.107
released
trusty
dne
linux-snapdragon
cosmic
dne
bionic
not-affected
xenial
Fixed 4.4.0-1103.108
released
trusty
dne
Common Weakness Enumeration
References
http://seclists.org/oss-sec/2018/q3/179
http://www.securityfocus.com/bid/105154
http://www.securitytracker.com/id/1041569
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10938
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=40413955ee265a5e42f710940ec78f5450d49149
https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html
https://usn.ubuntu.com/3797-1/
https://usn.ubuntu.com/3797-2/
https://www.debian.org/security/2018/dsa-4308
http://seclists.org/oss-sec/2018/q3/179
http://www.securityfocus.com/bid/105154
http://www.securitytracker.com/id/1041569
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10938
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=40413955ee265a5e42f710940ec78f5450d49149
https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html
https://usn.ubuntu.com/3797-1/
https://usn.ubuntu.com/3797-2/
https://www.debian.org/security/2018/dsa-4308