CVE-2018-1065

Published: 02 March 2018

The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c.

From the Ubuntu security team

It was discovered that the netfilter subsystem in the Linux kernel did not validate that rules containing jumps contained user-defined chains. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

Priority

Medium

CVSS 3 base score: 4.7

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-13.14)
Patches:
Introduced by 7814b6ec6d0d63444abdb49554166c8cfcbd063e
Fixed by 57ebd808a97d7c5b1e1afb937c2db22beba3c1f8
linux-armadaxp
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

This package is not directly supported by the Ubuntu Security Team
linux-aws
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1003.3)
linux-azure
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1003.3)
linux-azure-edge
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.18.0-1003.3~18.04.1)
linux-euclid
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

linux-flo
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

linux-gcp
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1003.3)
linux-gke
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

linux-goldfish
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

linux-grouper
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

linux-hwe
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable

linux-hwe-edge
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.18.0-8.9~18.04.1)
linux-kvm
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1003.3)
linux-linaro-omap
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

linux-linaro-shared
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

linux-linaro-vexpress
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

linux-lts-quantal
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

This package is not directly supported by the Ubuntu Security Team
linux-lts-raring
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

linux-lts-saucy
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

This package is not directly supported by the Ubuntu Security Team
linux-lts-trusty
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

linux-lts-utopic
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

linux-lts-vivid
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

linux-lts-wily
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

linux-lts-xenial
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

linux-maguro
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

linux-mako
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

linux-manta
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

linux-oem
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1002.3)
linux-qcm-msm
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

linux-raspi2
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1006.7)
linux-snapdragon
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable

linux-ti-omap4
Launchpad, Ubuntu, Debian 		Upstream
Released (4.16~rc3)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading