CVE-2018-1130

Published: 10 May 2018

Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.

From the Ubuntu security team

It was discovered that a null pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash).

Priority

CVSS 3 base score: 5.5

Status

Package	Release	Status
linux Launchpad, Ubuntu, Debian	Upstream	Released (4.16~rc7)




	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable (4.15.0-15.16)


	Patches: Introduced by 69c64866ce072dea1d1e59a0d61e0f66c0dffb76 Fixed by 67f93df79aeefc3add4e4b31a752600f834236e2
linux-aws Launchpad, Ubuntu, Debian	Upstream	Released (4.16~rc7)




	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable (4.15.0-1003.3)


linux-azure Launchpad, Ubuntu, Debian	Upstream	Released (4.16~rc7)




	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable (4.15.0-1004.4)


linux-euclid Launchpad, Ubuntu, Debian	Upstream	Released (4.16~rc7)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-flo Launchpad, Ubuntu, Debian	Upstream	Released (4.16~rc7)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-gcp Launchpad, Ubuntu, Debian	Upstream	Released (4.16~rc7)




	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable (4.15.0-1003.3)


linux-gke Launchpad, Ubuntu, Debian	Upstream	Released (4.16~rc7)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-goldfish Launchpad, Ubuntu, Debian	Upstream	Released (4.16~rc7)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-grouper Launchpad, Ubuntu, Debian	Upstream	Released (4.16~rc7)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-hwe Launchpad, Ubuntu, Debian	Upstream	Released (4.16~rc7)




	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable


linux-hwe-edge Launchpad, Ubuntu, Debian	Upstream	Released (4.16~rc7)




	Ubuntu 18.04 LTS (Bionic Beaver)	Released (4.18.0-8.9~18.04.1)


linux-kvm Launchpad, Ubuntu, Debian	Upstream	Released (4.16~rc7)




	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable (4.15.0-1004.4)


linux-lts-trusty Launchpad, Ubuntu, Debian	Upstream	Released (4.16~rc7)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-lts-utopic Launchpad, Ubuntu, Debian	Upstream	Released (4.16~rc7)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-lts-vivid Launchpad, Ubuntu, Debian	Upstream	Released (4.16~rc7)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-lts-wily Launchpad, Ubuntu, Debian	Upstream	Released (4.16~rc7)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-lts-xenial Launchpad, Ubuntu, Debian	Upstream	Released (4.16~rc7)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-maguro Launchpad, Ubuntu, Debian	Upstream	Released (4.16~rc7)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-mako Launchpad, Ubuntu, Debian	Upstream	Released (4.16~rc7)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-manta Launchpad, Ubuntu, Debian	Upstream	Released (4.16~rc7)




	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist


linux-oem Launchpad, Ubuntu, Debian	Upstream	Released (4.16~rc7)




	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable (4.15.0-1002.3)


linux-raspi2 Launchpad, Ubuntu, Debian	Upstream	Released (4.16~rc7)




	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable (4.15.0-1006.7)


linux-snapdragon Launchpad, Ubuntu, Debian	Upstream	Released (4.16~rc7)




	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable

Notes

Author	Note
sbeattie	Introduced in fix for CVE-2017-8824

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›