Linux kernel CVE-2018-14641 – Denial-of-Service


 

Authors: seclists
Risk: High

CVE: CVE-2018-14641
0day-id: 0day-1864544

Date: 2018-09-19
Update time: 2018-09-19

 

Description

 

A security flaw was found in the ip_frag_reasm() function in
net/ipv4/ip_fragment.c in the Linux kernel, which can cause a later system crash
in ip_do_fragment(). With a certain non-default but not rare configuration of
a victim host, an attacker can trigger this crash remotely, leading to a
remote denial of service.

 

The flaw was introduced in

 

 

Distributions which have backported this part of fa0f527358bd (which in turn is
part of the fix for CVE-2018-5391/FragmentSmack) are vulnerable.

For the remote attack, masquerading and forwarding should be configured on a
victim host. An attacker can then ping an external host from inside a
masqueraded zone, so that the malicious ping is masqueraded and forwarded by the
victim host. This is not a default but (we believe) not a rare configuration, so,
for example, a VM hosting provider could be vulnerable.
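
A defender-side check for the precondition described above, added here as an example and not part of the original advisory: it reports whether a host combines IPv4 forwarding with a MASQUERADE rule in the nat table of an iptables-save dump. The function names and sample dumps are constructed for illustration; nftables-native rulesets and the kernel version are not checked.

```shell
# Added example: checks only the configuration precondition named in the
# advisory (forwarding + masquerading). It does not test the kernel itself.

# has_masquerade FILE: succeed if an iptables-save dump contains a
# MASQUERADE target inside its *nat table (other tables are ignored).
has_masquerade() {
    awk '
        /^\*/     { table = $1 }    # table header such as "*nat"
        /^COMMIT/ { table = "" }    # end of the current table
        table == "*nat" && /^-A / && /-j MASQUERADE/ { found = 1 }
        END       { exit !found }
    ' "$1"
}

# precondition_met IP_FORWARD_VALUE FILE: succeed only if forwarding is
# enabled AND a masquerade rule exists.
precondition_met() {
    [ "$1" = "1" ] && has_masquerade "$2"
}

# check_live_host: the same check against the running system. Needs root
# for iptables-save; it is defined here but not called automatically.
check_live_host() {
    dump=$(mktemp) || return 2
    iptables-save > "$dump" 2>/dev/null
    precondition_met "$(cat /proc/sys/net/ipv4/ip_forward)" "$dump"; rc=$?
    rm -f "$dump"; return "$rc"
}

# Constructed sample dumps (not taken from a real host).
SAMPLE_NAT=$(mktemp)
cat > "$SAMPLE_NAT" <<'EOF'
*filter
-A FORWARD -i br0 -o eth0 -j ACCEPT
COMMIT
*nat
-A POSTROUTING -s 192.0.2.0/24 -o eth0 -j MASQUERADE
COMMIT
EOF
SAMPLE_PLAIN=$(mktemp)
cat > "$SAMPLE_PLAIN" <<'EOF'
*filter
-A INPUT -p icmp -m comment --comment "-j MASQUERADE lookalike" -j ACCEPT
COMMIT
EOF
precondition_met 1 "$SAMPLE_NAT" && echo "sample: forwarding + masquerade present"
```

A host where `check_live_host` succeeds matches the configuration described above and should be prioritised for the kernel update.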