{
  "threat_severity" : "Moderate",
  "public_date" : "2018-11-26T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: NULL pointer dereference in af_netlink.c:__netlink_ns_capable() allows for denial of service",
    "id" : "1630124",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1630124"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-476",
  "details" : [ "The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service.", "The Linux kernel was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service." ],
  "statement" : "If you're not running container images, or creating net namepaces exposed to potentially malicious workloads this issue has a security impact of moderate. This issue has an important impact if the system is being used to run container images with untrusted content, such as an OpenShift Container Platform compute node.",
  "acknowledgement" : "Red Hat would like to thank Christian Brauner for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2018-11-27T00:00:00Z",
    "advisory" : "RHSA-2018:3666",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt:7",
    "package" : "kernel-rt-0:3.10.0-957.1.3.rt56.913.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2018-11-27T00:00:00Z",
    "advisory" : "RHSA-2018:3651",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-957.1.3.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.5 Extended Update Support",
    "release_date" : "2018-12-18T00:00:00Z",
    "advisory" : "RHSA-2018:3843",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.5",
    "package" : "kernel-0:3.10.0-862.25.3.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-alt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-14646\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14646" ],
  "name" : "CVE-2018-14646",
  "csaw" : false
}