Bug 1117290 - (CVE-2018-14646) VUL-0: CVE-2018-14646: kernel-source: kernel: NULL pointer dereference in af_netlink.c:__netlink_ns_capable() allows for denial of service
Status: RESOLVED UPSTREAM
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium
Severity: Normal
Assigned To: Security Team bot
URL: https://smash.suse.de/issue/219641/
Reported: 2018-11-26 10:36 UTC by Marcus Meissner
Modified: 2018-11-27 07:21 UTC (History)

Found By: Security Response Team
Description Marcus Meissner 2018-11-26 10:36:50 UTC
The Linux kernel was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service.

References:

https://marc.info/?l=linux-netdev&m=151500466401174&w=2

An upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f428fe4a04cc339166c8bbd489789760de3a0cee
Comment 1 Marcus Meissner 2018-11-26 10:38:20 UTC
Fixes: 79e1ad148c84

is in 4.15
Comment 2 Michal Kubeček 2018-11-27 06:32:20 UTC
The bug was introduced in 4.15-rc1, fixed in 4.15-rc8 and commit 79e1ad148c84
has not been backported to any of our branches. Nothing to do.
Comment 3 Marcus Meissner 2018-11-27 07:21:40 UTC
closing