VDB
CVE-2018-14641
CVE-2018-14641
PUBLISHED
CVSS 6.5 MEDIUM
A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configuration of a victim host, an attacker can trigger this crash remotely, thus leading to a remote denial-of-service.
EPSS 1.36% · 80.5th percentile
Risk Scores
CVSS 3.0
6.5
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
1.36%
80.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| The Linux Foundation | kernel | from 4.19-rc1 to 4.19-rc3 inclusive |
| linux | linux_kernel | 4.19, 4.19, 4.19 |
Exploit Intelligence
Timeline
- Sep 18, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d407b071dc369c26a38398326ee2be53651cfe4 url
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14641 url
- RHSA-2018:2948 vendor-advisory
- [oss-security] 20180918 CVE-2018-14641: Linux kernel: a security flaw in the ip_frag_reasm() mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2018-14641 advisory