CVE-2018-10938

Name: CVE-2018-10938
Creator: NVD / NIST
Published: 2018-08-27T13:29:00.353+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 5.00%

Last modified Jun 17, 2026

CVE-2018-10938 is a vulnerability of currently unknown severity. A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. EPSS estimates a 5.00% chance of exploitation in the next 30 days.

Description

A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system before an attacker could leverage this flaw.

Metrics

EPSS Probability

5.00%

91.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-835

Affected Software

Vendor	Product	Versions	Update
Linux	Linux Kernel	4.0	—
Linux	Linux Kernel	4.1	—
Linux	Linux Kernel	4.2	—
Linux	Linux Kernel	4.3	—
Linux	Linux Kernel	4.4	—
Linux	Linux Kernel	4.5	—
Linux	Linux Kernel	4.6	—
Linux	Linux Kernel	4.7	—
Linux	Linux Kernel	4.8	—
Linux	Linux Kernel	4.9	—
Linux	Linux Kernel	4.10	—
Linux	Linux Kernel	4.11	—
Linux	Linux Kernel	4.12	—
Linux	Linux Kernel	4.13	Rc1
Canonical	Ubuntu Linux	14.04	—
Canonical	Ubuntu Linux	16.04	—
Debian	Debian Linux	9.0	—

References

http://seclists.org/oss-sec/2018/q3/179Mailing List, Third Party Advisory
http://www.securityfocus.com/bid/105154Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1041569Third Party Advisory, VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10938Issue Tracking, Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=40413955ee265a5e42f710940ec78f5450d49149Mailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/10/msg00003.htmlMailing List, Third Party Advisory
https://usn.ubuntu.com/3797-1/Third Party Advisory
https://usn.ubuntu.com/3797-2/Third Party Advisory
https://www.debian.org/security/2018/dsa-4308Third Party Advisory
http://seclists.org/oss-sec/2018/q3/179Mailing List, Third Party Advisory
http://www.securityfocus.com/bid/105154Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1041569Third Party Advisory, VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10938Issue Tracking, Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=40413955ee265a5e42f710940ec78f5450d49149Mailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/10/msg00003.htmlMailing List, Third Party Advisory
https://usn.ubuntu.com/3797-1/Third Party Advisory
https://usn.ubuntu.com/3797-2/Third Party Advisory
https://www.debian.org/security/2018/dsa-4308Third Party Advisory

Timeline

Published: Aug 27, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-10938?

How severe is CVE-2018-10938?

Severity scoring for CVE-2018-10938 is pending analysis. The EPSS model estimates a 5.00% probability of exploitation in the next 30 days.

How do I fix CVE-2018-10938?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-10938?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST