CVE-2018-1130
kernel: a null pointer dereference in net/dccp/output.c:dccp_write_xmit() leads to a system crash
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.
El kernel de Linux en versiones anteriores a la 4.16-rc7 es vulnerable a una desreferencia de puntero NULL en la función dccp_write_xmit() en net/dccp/output.c en la que un usuario local puede provocar una denegación de servicio mediante un número de llamadas del sistema manipuladas.
A null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in the Linux kernel allows a local user to cause a denial of service by a number of certain crafted system calls.
USN-3654-1 fixed vulnerabilities and added mitigations in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-12-04 CVE Reserved
- 2018-05-10 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (20)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html | Mailing List |
|
| https://syzkaller.appspot.com/bug?id=833568de043e0909b2aeaef7be136db39d21ba94 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:1854 | 2019-10-09 | |
| https://access.redhat.com/errata/RHSA-2018:3083 | 2019-10-09 | |
| https://access.redhat.com/errata/RHSA-2018:3096 | 2019-10-09 | |
| https://usn.ubuntu.com/3654-1 | 2019-10-09 | |
| https://usn.ubuntu.com/3654-2 | 2019-10-09 | |
| https://usn.ubuntu.com/3656-1 | 2019-10-09 | |
| https://usn.ubuntu.com/3697-1 | 2019-10-09 | |
| https://usn.ubuntu.com/3697-2 | 2019-10-09 | |
| https://usn.ubuntu.com/3698-1 | 2019-10-09 | |
| https://usn.ubuntu.com/3698-2 | 2019-10-09 | |
| https://access.redhat.com/security/cve/CVE-2018-1130 | 2018-10-30 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1576419 | 2018-10-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 4.16 Search vendor "Linux" for product "Linux Kernel" and version " < 4.16" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.16 Search vendor "Linux" for product "Linux Kernel" and version "4.16" | rc1 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.16 Search vendor "Linux" for product "Linux Kernel" and version "4.16" | rc2 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.16 Search vendor "Linux" for product "Linux Kernel" and version "4.16" | rc3 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.16 Search vendor "Linux" for product "Linux Kernel" and version "4.16" | rc4 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.16 Search vendor "Linux" for product "Linux Kernel" and version "4.16" | rc5 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.16 Search vendor "Linux" for product "Linux Kernel" and version "4.16" | rc6 |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
| ||||||