What is CVE-2018-14641?

CVE-2018-14641 is a medium-severity vulnerability in The Linux Foundation Kernel, classified under CWE-456. CVSS score: 6.5/10. Published 2018-09-18.

How severe is CVE-2018-14641?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in The Linux Foundation Kernel

CVE-2018-14641

A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare…

EPSS: 0.014 (80.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

The Linux Foundation Kernel — versions from 4.19-rc1 to 4.19-rc3 inclusive

Weakness classification (CWE)

CWE-456

References

git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/ (x_refsource_CONFIRM)
bugzilla.redhat.com/show_bug.cgi (x_refsource_CONFIRM)
RHSA-2018:2948 (x_refsource_REDHAT, vendor-advisory)
[oss-security] 20180918 CVE-2018-14641: Linux kernel: a security flaw in the ip_frag_reasm() (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2018-14641?: CVE-2018-14641 is a medium-severity vulnerability in The Linux Foundation Kernel, classified under CWE-456. CVSS score: 6.5/10. Published 2018-09-18.
How severe is CVE-2018-14641?: Medium severity. CVSS v3 base score is 6.5 out of 10.