CVE-2018-5390

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 06-08-2018 10:29

Last modified: - 26-10-2022 01:44

Total changes: - 2

Description

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

None

Confidentiality

None

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

7.5

Base score

3.9

3.6

Exploitability score

Impact score

Verification logic

Reference

VU#962459-Third Party Advisory, US Government Resource
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e
https://www.synology.com/support/security/Synology_SA_18_41
DSA-4266-Third Party Advisory
USN-3732-2-Third Party Advisory
USN-3732-1-Third Party Advisory
1041424-Third Party Advisory, VDB Entry
104976-Third Party Advisory, VDB Entry
1041434-Third Party Advisory, VDB Entry
USN-3742-2-Third Party Advisory
USN-3742-1-Third Party Advisory
USN-3741-1-Third Party Advisory
RHSA-2018:2395-Third Party Advisory
RHSA-2018:2384-Third Party Advisory
https://security.netapp.com/advisory/ntap-20180815-0003/
[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update-Third Party Advisory
RHSA-2018:2403-Third Party Advisory
RHSA-2018:2402-Third Party Advisory
USN-3741-2-Third Party Advisory
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt
https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack
20180824 Linux and FreeBSD Kernels TCP Reassembly Denial of Service Vulnerabilities Affecting Cisco Products: August 2018-Third Party Advisory
https://support.f5.com/csp/article/K95343321
RHSA-2018:2645-Third Party Advisory
USN-3763-1-Third Party Advisory
RHSA-2018:2791-Third Party Advisory
RHSA-2018:2790-Third Party Advisory
RHSA-2018:2789-Third Party Advisory
RHSA-2018:2785-Third Party Advisory
RHSA-2018:2776-Third Party Advisory
RHSA-2018:2933-Third Party Advisory
RHSA-2018:2924-Third Party Advisory
RHSA-2018:2948-Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
[oss-security] 20190628 Re: linux-distros membership application - Microsoft-Mailing List, Third Party Advisory
[oss-security] 20190706 Re: linux-distros membership application - Microsoft-Mailing List, Third Party Advisory
[oss-security] 20190706 Re: linux-distros membership application - Microsoft-Mailing List, Third Party Advisory
https://support.f5.com/csp/article/K95343321?utm_source=f5support&amp;utm_medium=RSS
https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en
https://www.oracle.com/security-alerts/cpujul2020.html

Keywords

CVE-2018-5390

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2018-5390

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures