A NULL pointer dereference was found in net/rds/rdma.c:__rds_rdma_map() function in the Linux kernel allowing local attackers to cause a system panic and a denial-of-service.
Find out more about CVE-2018-7492 from the MITRE CVE dictionary dictionary and NIST NVD.
This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future Linux kernel updates for the respective releases may address this issue.
This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 7, its real-time kernel, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE, as a code with the flaw is not built and shipped with the products listed.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 5.5 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity Impact | None |
| Availability Impact | High |
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise MRG 2 | realtime-kernel | Will not fix |
| Red Hat Enterprise Linux 7 | kernel-alt | Not affected |
| Red Hat Enterprise Linux 7 | kernel | Not affected |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected |
| Red Hat Enterprise Linux 6 | kernel | Will not fix |
| Red Hat Enterprise Linux 5 | kernel | Will not fix |
Vulmon