Linux kernel versions 4.9+ are vulnerable to Denial of Service attacks due to a resource exhaustion vulnerability. The issue is being tracked via CVE-2018-5390. The vulnerability has been named SegmentSmack. An attacker can exploit this bug by triggering expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue(). The attacker needs to send crafted TCP packets within already established TCP sessions.
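A host-side check for the condition described above, as an added example that is not part of the original advisory or the kernel's code: it compares two snapshots of the TcpExt counters in /proc/net/netstat. It assumes OfoPruned is incremented in tcp_prune_ofo_queue() and TCPRcvCollapsed in tcp_collapse(), which tcp_collapse_ofo_queue() calls; the thresholds and sample snapshots are constructed.

```python
import time

# Assumption: OfoPruned counts tcp_prune_ofo_queue() runs, TCPRcvCollapsed counts
# skbs freed by tcp_collapse(), TCPOFOQueue counts segments queued out of order.
WATCHED = ("OfoPruned", "TCPRcvCollapsed", "TCPOFOQueue")

def parse_tcpext(text):
    """Parse /proc/net/netstat text into {counter: int} for the TcpExt group."""
    rows = [l.split() for l in text.splitlines() if l.startswith("TcpExt:")]
    if len(rows) != 2:
        raise ValueError("expected one TcpExt header line and one value line")
    names, values = rows[0][1:], rows[1][1:]
    if len(names) != len(values):
        raise ValueError("TcpExt header/value column mismatch")
    return dict(zip(names, map(int, values)))

def ofo_deltas(before, after):
    """Increase of each watched counter between two snapshots (absent = 0)."""
    return {k: after.get(k, 0) - before.get(k, 0) for k in WATCHED}

def suspicious(deltas, seconds, prune_rate=50.0, collapse_rate=500.0):
    """True when prune or collapse events per second exceed the thresholds.
    The default thresholds are constructed; tune them against a host baseline."""
    return (deltas["OfoPruned"] / seconds > prune_rate
            or deltas["TCPRcvCollapsed"] / seconds > collapse_rate)

# Constructed snapshots in /proc/net/netstat layout (column set abbreviated).
SAMPLE_T0 = """TcpExt: SyncookiesSent OfoPruned TCPRcvCollapsed TCPOFOQueue
TcpExt: 0 3 120 4500
IpExt: InNoRoutes InOctets
IpExt: 0 987654
"""
SAMPLE_T1 = """TcpExt: SyncookiesSent OfoPruned TCPRcvCollapsed TCPOFOQueue
TcpExt: 0 1803 96120 910500
IpExt: InNoRoutes InOctets
IpExt: 0 1987654
"""

def snapshot(path="/proc/net/netstat"):
    with open(path) as f:
        return parse_tcpext(f.read())

if __name__ == "__main__":
    interval = 10  # seconds between live snapshots
    first = snapshot()
    time.sleep(interval)
    deltas = ofo_deltas(first, snapshot())
    print(deltas, "ALERT" if suspicious(deltas, interval) else "ok")
```

A sustained rise in these counters together with high softirq CPU time is a reason to look at which established peers are sending the out-of-order segments; lossy links also move them, so compare against a baseline.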
Mitigation
We request organizations to apply the latest patches from their respective vendors as soon as possible. Qualys customers can scan their network with the QIDs listed below (the list is not exhaustive); we will actively add more detections as vendors release their fixes for SegmentSmack.
| QID | Description |
| --- | --- |
| 351331 | Amazon Linux Security Advisory for kernel: ALAC2012-2018-007 (SegmentSmack) |
| 176443 | Debian Security Update for Linux (DSA 4266-1) |
| 197220 | Ubuntu Security Notification for Linux, Linux-aws, Linux-azure, Linux-gcp, Linux-kvm, Linux-oem, (USN-3732-1) |
| 157768 | Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2018-4189)(SegmentSmack) |
| 351320 | Amazon Linux Security Advisory for kernel: ALAS2-2018-1050 (SegmentSmack) |
| 351319 | Amazon Linux Security Advisory for kernel: ALAS-2018-1049 (SegmentSmack) |
Please continue to follow Qualys Threat Protection for more information on vulnerabilities.
References
Vulnerability Note VU#962459: Linux Kernel TCP implementation vulnerable to Denial of Service
CVE-2018-5390
SegmentSmack: kernel: tcp segments with random offsets may cause a remote denial of service [CVE-2018-5390]