CVE-2018-14618 A memory leak in the xt_TCPRule polling function in net/ipv4/tcp_syncpend.c in the Linux kernel before versions 5.16. The xt_TCPRule module is part of the net/ipv4/tcp_syncpend network code and it is used to determine the maximum size of a single-frame system-wide receive buffer. If a single-frame system-wide receive buffer exceeds the maximum size, it is allocated a separate buffer by the xt_TCPRule module and later freed by the xt_TCPReceiverInOctetReceiver function. This code has been found to be allowing a remote attacker to trigger a memory leak. A remote attacker could use this flaw to make the target system consume large amounts of memory, resulting in a potential denial-of-service. (CVE-2018-13405) - Fixed in 5.0.4, 5.1.8, 5.2.12, 6.0, 6.1, 7.0, 7.1, and 7.2; Red Hat Enterprise Linux 6.5; and 5.0.3, 5.1.7, 5.2.11, 6.0, 6.1, 7.0, 7.1, and 7.2. Red Hat Enterprise Linux 7.3 is not affected by this issue. References: https://www.

References: https://www.

Mitigation

In order to mitigate this issue, use xt_TCPRule with the rule set limit no more than 64K.
This is not a vulnerability that can be exploited remotely.

Timeline

Published on: 03/18/2022 12:15:00 UTC
Last modified on: 06/22/2022 15:55:00 UTC

References