CVE-2018-10938

Published: 27 August 2018

A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system before an attacker could leverage this flaw.

From the Ubuntu security team

Yves Younan discovered that the CIPSO labeling implementation in the Linux kernel did not properly handle IP header options in some situations. A remote attacker could use this to specially craft network traffic that could cause a denial of service (infinite loop).

Priority

Negligible

CVSS 3 base score: 5.9

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (4.13~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.13.0-16.19)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (4.4.0-138.164)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable

Patches:
Introduced by 04f81f0154e4bf002be6f4d85668ce1257efa4d9
Fixed by 40413955ee265a5e42f710940ec78f5450d49149
linux-aws
Launchpad, Ubuntu, Debian
Upstream
Released (4.13~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1001.1)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (4.4.0-1070.80)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (4.4.0-1032.35)
linux-azure
Launchpad, Ubuntu, Debian
Upstream
Released (4.13~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1002.2)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (4.13.0-1005.7)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(4.15.0-1023.24~14.04.1)
linux-azure-edge
Launchpad, Ubuntu, Debian
Upstream
Released (4.13~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.18.0-1003.3~18.04.1)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(4.15.0-1002.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-euclid
Launchpad, Ubuntu, Debian
Upstream
Released (4.13~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Ignored
(was needed ESM criteria)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-flo
Launchpad, Ubuntu, Debian
Upstream
Released (4.13~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Ignored
(abandoned)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [abandoned])
linux-gcp
Launchpad, Ubuntu, Debian
Upstream
Released (4.13~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1001.1)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (4.13.0-1002.5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-gke
Launchpad, Ubuntu, Debian
Upstream
Released (4.13~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Ignored
(end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-goldfish
Launchpad, Ubuntu, Debian
Upstream
Released (4.13~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Ignored
(end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [abandoned])
linux-grouper
Launchpad, Ubuntu, Debian
Upstream
Released (4.13~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [abandoned])
linux-hwe
Launchpad, Ubuntu, Debian
Upstream
Released (4.13~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable

Ubuntu 16.04 LTS (Xenial Xerus)
Released (4.13.0-26.29~16.04.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-hwe-edge
Launchpad, Ubuntu, Debian
Upstream
Released (4.13~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.18.0-8.9~18.04.1)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (4.13.0-26.29~16.04.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-kvm
Launchpad, Ubuntu, Debian
Upstream
Released (4.13~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1002.2)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (4.4.0-1036.42)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-trusty
Launchpad, Ubuntu, Debian
Upstream
Released (4.13~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-utopic
Launchpad, Ubuntu, Debian
Upstream
Released (4.13~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [out of standard support])
linux-lts-vivid
Launchpad, Ubuntu, Debian
Upstream
Released (4.13~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [out of standard support])
linux-lts-wily
Launchpad, Ubuntu, Debian
Upstream
Released (4.13~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [out of standard support])
linux-lts-xenial
Launchpad, Ubuntu, Debian
Upstream
Released (4.13~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr)
Released (4.4.0-138.164~14.04.1)
linux-maguro
Launchpad, Ubuntu, Debian
Upstream
Released (4.13~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [abandoned])
linux-mako
Launchpad, Ubuntu, Debian
Upstream
Released (4.13~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Ignored
(abandoned)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [abandoned])
linux-manta
Launchpad, Ubuntu, Debian
Upstream
Released (4.13~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [abandoned])
linux-oem
Launchpad, Ubuntu, Debian
Upstream
Released (4.13~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1002.3)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(4.13.0-1008.9)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-raspi2
Launchpad, Ubuntu, Debian
Upstream
Released (4.13~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.13.0-1005.5)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (4.4.0-1099.107)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-snapdragon
Launchpad, Ubuntu, Debian
Upstream
Released (4.13~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable

Ubuntu 16.04 LTS (Xenial Xerus)
Released (4.4.0-1103.108)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Notes

AuthorNote
tyhicks
This issue affects non-default configurations where SELinux or SMACK
is being used instead of AppArmor and networking labeling has been
configured. It is unlikely that Ubuntu users would be affected by this issue.
sbeattie
further hardening discussion (and why it's likely not
needed) around this code in the two netdev emails in the marc.info
urls in the references section

References

Bugs