Vulnerability Note VU#962459
Linux Kernel TCP implementation vulnerable to Denial of Service
Overview
The Linux kernel, versions 4.9+, is vulnerable to denial of service conditions with low rates of specially modified packets.
Description
CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') - CVE-2018-5390 Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. An attacker can induce a denial of service condition by sending specially modified packets within ongoing TCP sessions. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port. Thus, the attacks cannot be performed using spoofed IP addresses. |
Impact
An remote attacker may be able to trigger a denial-of-service condition against a system with an available open port. |
Solution
Apply a patch |
Vendor Information (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| 3com Inc | Unknown | 23 Jul 2018 | 23 Jul 2018 |
| A10 Networks | Unknown | 27 Jul 2018 | 27 Jul 2018 |
| ACCESS | Unknown | 23 Jul 2018 | 23 Jul 2018 |
| Actelis Networks | Unknown | 27 Jul 2018 | 27 Jul 2018 |
| Actiontec | Unknown | 23 Jul 2018 | 23 Jul 2018 |
| ADTRAN | Unknown | 23 Jul 2018 | 23 Jul 2018 |
| aep NETWORKS | Unknown | 23 Jul 2018 | 23 Jul 2018 |
| Aerohive | Unknown | 23 Jul 2018 | 23 Jul 2018 |
| AhnLab Inc | Unknown | 27 Jul 2018 | 27 Jul 2018 |
| AirWatch | Unknown | 23 Jul 2018 | 23 Jul 2018 |
| Akamai Technologies, Inc. | Unknown | 27 Jul 2018 | 27 Jul 2018 |
| Alcatel-Lucent Enterprise | Unknown | 23 Jul 2018 | 23 Jul 2018 |
| Amazon | Unknown | 23 Jul 2018 | 23 Jul 2018 |
| Android Open Source Project | Unknown | 23 Jul 2018 | 23 Jul 2018 |
| ANTlabs | Unknown | 23 Jul 2018 | 23 Jul 2018 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | 7.1 | AV:N/AC:M/Au:N/C:N/I:N/A:C |
| Temporal | 6.4 | E:POC/RL:ND/RC:C |
| Environmental | 6.4 | CDP:ND/TD:H/CR:ND/IR:ND/AR:ND |
References
- https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e
- https://www.spinics.net/lists/netdev/msg514742.html
Credit
Thanks to Juha-Matti Tilli (Aalto University, Department of Communications and Networking / Nokia Bell Labs) for reporting this vulnerability.
This document was written by Trent Novelly.
Other Information
- CVE IDs: CVE-2018-5390
- Date Public: 23 Jul 2018
- Date First Published: 06 Aug 2018
- Date Last Updated: 06 Aug 2018
- Document Revision: 17
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.