製品・ソフトウェアに関する情報

JVN脆弱性詳細

Linux Kernel における NULL ポインタデリファレンスに関する脆弱性

Title	Linux Kernel における NULL ポインタデリファレンスに関する脆弱性
Summary	Linux Kernel には、NULL ポインタデリファレンスに関する脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	March 6, 2018, midnight
Registration Date	June 28, 2018, 3:46 p.m.
Last Update	June 28, 2018, 3:46 p.m.

CVSS3.0 : 警告
Score	5.5
Vector	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS2.0 : 警告
Score	4.9
Vector	AV:L/AC:L/Au:N/C:N/I:N/A:C

Affected System

Debian

Debian GNU/Linux

Canonical

Ubuntu

Linux

Linux Kernel 4.16-rc7 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2018-1130	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1130
National Vulnerability Database (NVD)
2	CVE-2018-1130	https://nvd.nist.gov/vuln/detail/CVE-2018-1130

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-476	http://cwe.mitre.org/data/definitions/476.html

ベンダー情報

No	Name	URL
Debian
1	[SECURITY] [DLA 1392-1] linux security update	https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html
Linux Kernel
2	Linux Kernel Archives	http://www.kernel.org
Linux kernel source tree
3	dccp: check sk for closed state in dccp_sendmsg()	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67f93df79aeefc3add4e4b31a752600f834236e2
MARC: Mailing list ARChives
4	[PATCH net] dccp: check sk for closed state in dccp_sendmsg()	https://marc.info/?l=linux-netdev&m=152036596825220&w=2
Ubuntu Security Notice
5	USN-3654-1	https://usn.ubuntu.com/3654-1/
6	USN-3654-2	https://usn.ubuntu.com/3654-2/
7	USN-3656-1	https://usn.ubuntu.com/3656-1/

その他

No	Name	URL
関連文書
1	Bug 1576419	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1130

Change Log

No	Changed Details	Date of change
1	[2018年06月28日] 掲載	June 28, 2018, 3:46 p.m.

NVD Vulnerability Information

CVE-2018-1130

Summary	Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.
Publication Date	May 10, 2018, 10:29 p.m.
Registration Date	March 1, 2021, 6:45 p.m.
Last Update	Nov. 21, 2024, 12:59 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel:4.16:rc1::::::
cpe:2.3:o:linux:linux_kernel:4.16:rc2::::::
cpe:2.3:o:linux:linux_kernel:4.16:rc3::::::
cpe:2.3:o:linux:linux_kernel:4.16:rc4::::::
cpe:2.3:o:linux:linux_kernel:4.16:rc5::::::
cpe:2.3:o:linux:linux_kernel:4.16:rc6::::::
cpe:2.3:o:linux:linux_kernel::::::::				4.16

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:8.0:::::::*
cpe:2.3:o:debian:debian_linux:7.0:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

Configuration4	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

Related information, measures and tools

No	URL	タグ
1	https://access.redhat.com/errata/RHSA-2018:1854	Third Party Advisory
2	https://access.redhat.com/errata/RHSA-2018:1854	Third Party Advisory
3	https://access.redhat.com/errata/RHSA-2018:3083	Third Party Advisory
4	https://access.redhat.com/errata/RHSA-2018:3083	Third Party Advisory
5	https://access.redhat.com/errata/RHSA-2018:3096	Third Party Advisory
6	https://access.redhat.com/errata/RHSA-2018:3096	Third Party Advisory
7	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1130	Issue Tracking Patch
8	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1130	Issue Tracking Patch
9	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67f93df79aeefc3add4e4b31a752600f834236e2	Patch
10	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67f93df79aeefc3add4e4b31a752600f834236e2	Patch
11	https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html	Mailing List Third Party Advisory
12	https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html	Mailing List Third Party Advisory
13	https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html	Mailing List Third Party Advisory
14	https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html	Mailing List Third Party Advisory
15	https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html	Mailing List Third Party Advisory
16	https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html	Mailing List Third Party Advisory
17	https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html	Mailing List Third Party Advisory
18	https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html	Mailing List Third Party Advisory
19	https://marc.info/?l=linux-netdev&m=152036596825220&w=2	Mailing List Patch
20	https://marc.info/?l=linux-netdev&m=152036596825220&w=2	Mailing List Patch
21	https://syzkaller.appspot.com/bug?id=833568de043e0909b2aeaef7be136db39d21ba94	Third Party Advisory
22	https://syzkaller.appspot.com/bug?id=833568de043e0909b2aeaef7be136db39d21ba94	Third Party Advisory
23	https://usn.ubuntu.com/3654-1/	Third Party Advisory
24	https://usn.ubuntu.com/3654-1/	Third Party Advisory
25	https://usn.ubuntu.com/3654-2/	Third Party Advisory
26	https://usn.ubuntu.com/3654-2/	Third Party Advisory
27	https://usn.ubuntu.com/3656-1/	Third Party Advisory
28	https://usn.ubuntu.com/3656-1/	Third Party Advisory
29	https://usn.ubuntu.com/3697-1/	Third Party Advisory
30	https://usn.ubuntu.com/3697-1/	Third Party Advisory
31	https://usn.ubuntu.com/3697-2/	Third Party Advisory
32	https://usn.ubuntu.com/3697-2/	Third Party Advisory
33	https://usn.ubuntu.com/3698-1/	Third Party Advisory
34	https://usn.ubuntu.com/3698-1/	Third Party Advisory
35	https://usn.ubuntu.com/3698-2/	Third Party Advisory
36	https://usn.ubuntu.com/3698-2/	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-476	NULL ポインタデリファレンス	https://cwe.mitre.org/data/definitions/476.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel:4.16:rc1::::::
cpe:2.3:o:linux:linux_kernel:4.16:rc2::::::
cpe:2.3:o:linux:linux_kernel:4.16:rc3::::::
cpe:2.3:o:linux:linux_kernel:4.16:rc4::::::
cpe:2.3:o:linux:linux_kernel:4.16:rc5::::::
cpe:2.3:o:linux:linux_kernel:4.16:rc6::::::
cpe:2.3:o:linux:linux_kernel::::::::				4.16