CVE-2018-10938
Description
A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system before an attacker could leverage this flaw.
Risk Information
Base Score
5.9
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
4.369
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Linux kernel (USN-3797-1) linux-image-aws_4.4.0.1070.72_amd64.deb | Linux |
| Linux kernel (USN-3797-1) linux-image-kvm_4.4.0.1036.35_amd64.deb | Linux |
| Linux kernel (USN-3797-1) linux-image-generic_4.4.0.138.144_i386.deb | Linux |
| Linux kernel (USN-3797-1) linux-image-generic_4.4.0.138.144_amd64.deb | Linux |
| Linux kernel (USN-3797-1) linux-image-lowlatency_4.4.0.138.144_i386.deb | Linux |
| Linux kernel (USN-3797-1) linux-image-lowlatency_4.4.0.138.144_amd64.deb | Linux |
| Linux kernel (USN-3797-1) linux-image-4.4.0-1036-kvm_4.4.0-1036.42_amd64.deb | Linux |
| Linux kernel (USN-3797-1) linux-image-4.4.0-1070-aws_4.4.0-1070.80_amd64.deb | Linux |
| Linux kernel (USN-3797-1) linux-image-4.4.0-138-generic_4.4.0-138.164_i386.deb | Linux |
| Linux kernel (USN-3797-1) linux-image-4.4.0-138-generic_4.4.0-138.164_amd64.deb | Linux |
| Linux kernel (USN-3797-1) linux-image-4.4.0-138-lowlatency_4.4.0-138.164_i386.deb | Linux |
| Linux kernel (USN-3797-1) linux-image-4.4.0-138-lowlatency_4.4.0-138.164_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-3797-2) linux-image-aws_4.4.0.1032.32_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-3797-2) linux-image-4.4.0-1032-aws_4.4.0-1032.35_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-3797-2) linux-image-4.4.0-138-generic_4.4.0-138.164~14.04.1_i386.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-3797-2) linux-image-4.4.0-138-generic_4.4.0-138.164~14.04.1_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-3797-2) linux-image-4.4.0-138-lowlatency_4.4.0-138.164~14.04.1_i386.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-3797-2) linux-image-4.4.0-138-lowlatency_4.4.0-138.164~14.04.1_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234