SegmentSmack: CVE-2018-5390

Linux kernel versions 4.9+ are vulnerable to Denial of Service attacks due to a resource exhaustion vulnerability. The issue is being tracked via CVE-2018-5390. The vulnerability has been named SegmentSmack. An attacker can exploit this bug by triggering expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue(). The attacker needs to send crafted TCP packets within already established TCP sessions.
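A host-side check for the behaviour described above, added here as an example (it is not from the original post or from Qualys tooling): it parses /proc/net/netstat and measures how fast the TcpExt counters that the kernel bumps on its receive-queue collapse and out-of-order (OFO) prune paths are growing. The sample snapshots and the 50 prunes/second threshold are constructed assumptions, to be tuned per host.

```python
import time

# Constructed samples in /proc/net/netstat layout: a line of counter names
# followed by a line of values, both carrying the same "Group:" prefix.
HEADER = "TcpExt: PruneCalled RcvPruned OfoPruned TCPRcvCollapsed TCPOFOQueue\n"
SAMPLE_BEFORE = HEADER + "TcpExt: 2 0 1 40 900\nIpExt: InOctets\nIpExt: 1000\n"
SAMPLE_AFTER = HEADER + "TcpExt: 5210 0 4875 913004 1850322\nIpExt: InOctets\nIpExt: 9000\n"

# PruneCalled / OfoPruned rise when the receive queue / OFO queue is pruned,
# TCPRcvCollapsed counts packets collapsed in the receive queue,
# TCPOFOQueue counts segments queued out of order.
WATCHED = ("PruneCalled", "OfoPruned", "TCPRcvCollapsed", "TCPOFOQueue")


def parse_netstat(text, group="TcpExt"):
    """Return {counter: value} for one group of a netstat-format file."""
    rows = [ln.split() for ln in text.splitlines() if ln.startswith(group + ":")]
    counters = {}
    for names, values in zip(rows[0::2], rows[1::2]):
        if len(names) != len(values):
            raise ValueError("name/value column count mismatch in " + group)
        counters.update({n: int(v) for n, v in zip(names[1:], values[1:])})
    return counters


def ofo_deltas(before_text, after_text):
    """Growth of each watched counter between two snapshots."""
    before, after = parse_netstat(before_text), parse_netstat(after_text)
    deltas = {}
    for name in WATCHED:
        old, new = before.get(name, 0), after.get(name, 0)
        # A smaller value means the counters were reset (reboot); count from zero.
        deltas[name] = new - old if new >= old else new
    return deltas


def suspicious(deltas, interval_s, prunes_per_s=50):
    """Names of prune counters growing faster than the (assumed) threshold."""
    return sorted(n for n in ("PruneCalled", "OfoPruned")
                  if deltas[n] / interval_s > prunes_per_s)


if __name__ == "__main__":
    interval = 10  # seconds between the two live snapshots
    with open("/proc/net/netstat") as fh:
        first = fh.read()
    time.sleep(interval)
    with open("/proc/net/netstat") as fh:
        second = fh.read()
    d = ofo_deltas(first, second)
    print(d, "ALERT" if suspicious(d, interval) else "ok")
```

These counters also climb on lossy or heavily reordering links, so a sustained spike is a reason to look at CPU load and patch status, not proof of an attack.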

Mitigation
We request that organizations apply the latest patches from their respective vendors as soon as possible. Qualys customers can scan their network with the QIDs listed below (not exhaustive); we will actively add more detections as vendors release their fixes for SegmentSmack.

QID Description
351331 Amazon Linux Security Advisory for kernel: ALAC2012-2018-007 (SegmentSmack)
176443 Debian Security Update for Linux (DSA 4266-1)
197220 Ubuntu Security Notification for Linux, Linux-aws, Linux-azure, Linux-gcp, Linux-kvm, Linux-oem, (USN-3732-1)
157768 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2018-4189)(SegmentSmack)
351320 Amazon Linux Security Advisory for kernel: ALAS2-2018-1050 (SegmentSmack)
351319 Amazon Linux Security Advisory for kernel: ALAS-2018-1049 (SegmentSmack)

Please continue to follow Qualys Threat Protection for more information on vulnerabilities.

References
Vulnerability Note VU#962459: Linux Kernel TCP implementation vulnerable to Denial of Service
CVE-2018-5390
SegmentSmack: kernel: tcp segments with random offsets may cause a remote denial of service [CVE-2018-5390]
