CVE-2018-17977
MEDIUMLinux Kernel 4.14.67 - Denial of Service via XFRM Netlink Message Interaction
Title source: llmDescription
The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/105539
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://www.openwall.com/lists/oss-security/2018/10/05/5
Scores
CVSS v3
4.4
EPSS
0.0038
EPSS Percentile
29.8%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (1)
linux/linux_kernel
4.14.67
Published
Oct 08, 2018
Tracked Since
Feb 18, 2026