CVE-2018-1130

Published: 10 May 2018

Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.

From the Ubuntu security team

It was discovered that a null pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash).

Priority

Medium

CVSS 3 base score: 5.5

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (4.16~rc7)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-15.16)
Patches:
Introduced by 69c64866ce072dea1d1e59a0d61e0f66c0dffb76
Fixed by 67f93df79aeefc3add4e4b31a752600f834236e2
linux-aws
Launchpad, Ubuntu, Debian
Upstream
Released (4.16~rc7)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1003.3)
linux-azure
Launchpad, Ubuntu, Debian
Upstream
Released (4.16~rc7)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1004.4)
linux-euclid
Launchpad, Ubuntu, Debian
Upstream
Released (4.16~rc7)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

linux-flo
Launchpad, Ubuntu, Debian
Upstream
Released (4.16~rc7)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

linux-gcp
Launchpad, Ubuntu, Debian
Upstream
Released (4.16~rc7)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1003.3)
linux-gke
Launchpad, Ubuntu, Debian
Upstream
Released (4.16~rc7)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

linux-goldfish
Launchpad, Ubuntu, Debian
Upstream
Released (4.16~rc7)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

linux-grouper
Launchpad, Ubuntu, Debian
Upstream
Released (4.16~rc7)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

linux-hwe
Launchpad, Ubuntu, Debian
Upstream
Released (4.16~rc7)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable

linux-hwe-edge
Launchpad, Ubuntu, Debian
Upstream
Released (4.16~rc7)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (4.18.0-8.9~18.04.1)
linux-kvm
Launchpad, Ubuntu, Debian
Upstream
Released (4.16~rc7)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1004.4)
linux-lts-trusty
Launchpad, Ubuntu, Debian
Upstream
Released (4.16~rc7)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

linux-lts-utopic
Launchpad, Ubuntu, Debian
Upstream
Released (4.16~rc7)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

linux-lts-vivid
Launchpad, Ubuntu, Debian
Upstream
Released (4.16~rc7)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

linux-lts-wily
Launchpad, Ubuntu, Debian
Upstream
Released (4.16~rc7)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

linux-lts-xenial
Launchpad, Ubuntu, Debian
Upstream
Released (4.16~rc7)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

linux-maguro
Launchpad, Ubuntu, Debian
Upstream
Released (4.16~rc7)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

linux-mako
Launchpad, Ubuntu, Debian
Upstream
Released (4.16~rc7)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

linux-manta
Launchpad, Ubuntu, Debian
Upstream
Released (4.16~rc7)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

linux-oem
Launchpad, Ubuntu, Debian
Upstream
Released (4.16~rc7)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1002.3)
linux-raspi2
Launchpad, Ubuntu, Debian
Upstream
Released (4.16~rc7)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1006.7)
linux-snapdragon
Launchpad, Ubuntu, Debian
Upstream
Released (4.16~rc7)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable