CVE-2018-5391

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 06-09-2018 11:29

Last modified: - 26-10-2022 01:44

Total changes: - 3

Description

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.

Common Vulnerability Scoring System (CVSS)

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

None

Confidentiality

None

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

7.5

Base score

3.9

3.6

Exploitability score

Impact score

Verification logic

Reference

VU#641765-Third Party Advisory, US Government Resource
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=c30f1fc041b74ecdb072dd44f858750414b8b19f
DSA-4272-Mitigation, Third Party Advisory
USN-3742-2-Third Party Advisory
USN-3742-1-Third Party Advisory
USN-3741-2-Third Party Advisory
USN-3741-1-Third Party Advisory
USN-3740-2-Third Party Advisory
USN-3740-1-Third Party Advisory
[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update-Mitigation, Mailing List, Third Party Advisory
1041476-Third Party Advisory, VDB Entry
105108-Third Party Advisory, VDB Entry
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt
1041637-Third Party Advisory, VDB Entry
RHSA-2018:2791-Third Party Advisory
RHSA-2018:2785-Third Party Advisory
https://security.netapp.com/advisory/ntap-20181003-0002/
RHSA-2018:2846-Third Party Advisory
RHSA-2018:2933-Third Party Advisory
RHSA-2018:2925-Third Party Advisory
RHSA-2018:2924-Third Party Advisory
RHSA-2018:3096-Third Party Advisory
RHSA-2018:3083-Third Party Advisory
RHSA-2018:2948-Third Party Advisory
RHSA-2018:3459-Third Party Advisory
RHSA-2018:3590-Third Party Advisory
RHSA-2018:3586-Third Party Advisory
RHSA-2018:3540-Third Party Advisory
[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update-
[oss-security] 20190628 Re: linux-distros membership application - Microsoft-
[oss-security] 20190706 Re: linux-distros membership application - Microsoft-
[oss-security] 20190706 Re: linux-distros membership application - Microsoft-
https://support.f5.com/csp/article/K74374841?utm_source=f5support&amp;utm_medium=RSS
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-linux-en
https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf

Keywords

CVE-2018-5391

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2018-5391

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures