The Linux kernel was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service.
Find out more about CVE-2018-14646 from the MITRE CVE dictionary dictionary and NIST NVD.
If you're not running container images, or creating net namepaces exposed to potentially malicious workloads this issue has a security impact of moderate. This issue has an important impact if the system is being used to run container images with untrusted content, such as an OpenShift Container Platform compute node.
| CVSS3 Base Score | 5.5 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity Impact | None |
| Availability Impact | High |
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux for Real Time for NFV (v. 7) (kernel-rt) | RHSA-2018:3666 | 2018-11-27 |
| Red Hat Enterprise Linux 7 (kernel) | RHSA-2018:3651 | 2018-11-27 |
| Red Hat Enterprise Linux Extended Update Support 7.5 (kernel) | RHSA-2018:3843 | 2018-12-18 |
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise MRG 2 | kernel-rt | Affected |
| Red Hat Enterprise Linux 7 | kernel-alt | Not affected |
| Red Hat Enterprise Linux 6 | kernel | Not affected |
| Red Hat Enterprise Linux 5 | kernel | Not affected |
Vulmon