First published: Tue Jul 17 2018
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet, which can lead to a denial of service.
Credit: cret@cert.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel | <0:2.6.32-754.3.5.el6 | 0:2.6.32-754.3.5.el6 |
redhat/kernel | <0:2.6.32-358.93.1.el6 | 0:2.6.32-358.93.1.el6 |
redhat/kernel | <0:2.6.32-431.93.2.el6 | 0:2.6.32-431.93.2.el6 |
redhat/kernel | <0:2.6.32-504.76.2.el6 | 0:2.6.32-504.76.2.el6 |
redhat/kernel | <0:2.6.32-573.62.1.el6 | 0:2.6.32-573.62.1.el6 |
redhat/kernel-rt | <0:3.10.0-862.11.6.rt56.819.el7 | 0:3.10.0-862.11.6.rt56.819.el7 |
redhat/kernel | <0:3.10.0-862.11.6.el7 | 0:3.10.0-862.11.6.el7 |
redhat/kernel-alt | <0:4.14.0-115.el7a | 0:4.14.0-115.el7a |
redhat/kernel | <0:3.10.0-327.73.1.el7 | 0:3.10.0-327.73.1.el7 |
redhat/kernel | <0:3.10.0-514.58.1.el7 | 0:3.10.0-514.58.1.el7 |
redhat/kernel | <0:3.10.0-693.39.1.el7 | 0:3.10.0-693.39.1.el7 |
redhat/kernel-rt | <1:3.10.0-693.39.1.rt56.629.el6 | 1:3.10.0-693.39.1.rt56.629.el6 |
redhat/redhat-release-virtualization-host | <0:4.2-5.2.el7 | 0:4.2-5.2.el7 |
Redhat Virtualization | =4.0 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Server Aus | =6.4 | |
Redhat Enterprise Linux Server Aus | =6.5 | |
Redhat Enterprise Linux Server Aus | =6.6 | |
Redhat Enterprise Linux Server Aus | =7.2 | |
Redhat Enterprise Linux Server Aus | =7.3 | |
Redhat Enterprise Linux Server Aus | =7.4 | |
Redhat Enterprise Linux Server Eus | =6.4 | |
Redhat Enterprise Linux Server Eus | =6.7 | |
Redhat Enterprise Linux Server Eus | =7.2 | |
Redhat Enterprise Linux Server Eus | =7.3 | |
Redhat Enterprise Linux Server Eus | =7.4 | |
Redhat Enterprise Linux Server Eus | =7.5 | |
Redhat Enterprise Linux Server Tus | =6.6 | |
Redhat Enterprise Linux Server Tus | =7.2 | |
Redhat Enterprise Linux Server Tus | =7.3 | |
Redhat Enterprise Linux Server Tus | =7.4 | |
Redhat Enterprise Linux Workstation | =7.0 | |
Linux Linux kernel | >=4.9<4.18 | |
Linux Linux kernel | =4.18-rc1 | |
Linux Linux kernel | =4.18-rc2 | |
Linux Linux kernel | =4.18-rc3 | |
Linux Linux kernel | =4.18-rc4 | |
Linux Linux kernel | =4.18-rc5 | |
Linux Linux kernel | =4.18-rc6 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Hp Aruba Airwave Amp | <8.2.7.1 | |
Hp Aruba Clearpass Policy Manager | >=6.6.0<=6.6.9 | |
Hp Aruba Clearpass Policy Manager | >=6.7.0<=6.7.5 | |
F5 BIG-IP Access Policy Manager | >=11.5.1<=11.6.3 | |
F5 BIG-IP Access Policy Manager | >=12.1.0<=12.1.3 | |
F5 BIG-IP Access Policy Manager | >=13.0.0<=13.1.1 | |
F5 BIG-IP Access Policy Manager | =14.0.0 | |
F5 BIG-IP Advanced Firewall Manager | >=11.5.1<=11.6.3 | |
F5 BIG-IP Advanced Firewall Manager | >=12.1.0<=12.1.3 | |
F5 BIG-IP Advanced Firewall Manager | >=13.0.0<=13.1.1 | |
F5 BIG-IP Advanced Firewall Manager | =14.0.0 | |
F5 BIG-IP Analytics | >=11.5.1<=11.6.3 | |
F5 BIG-IP Analytics | >=12.1.0<=12.1.3 | |
F5 BIG-IP Analytics | >=13.0.0<=13.1.1 | |
F5 BIG-IP Analytics | =14.0.0 | |
F5 Big-ip Application Acceleration Manager | >=11.5.1<=11.6.3 | |
F5 Big-ip Application Acceleration Manager | >=12.1.0<=12.1.3 | |
F5 Big-ip Application Acceleration Manager | >=13.0.0<=13.1.1 | |
F5 Big-ip Application Acceleration Manager | =14.0.0 | |
F5 BIG-IP Application Security Manager | >=11.5.1<=11.6.3 | |
F5 BIG-IP Application Security Manager | >=12.1.0<=12.1.3 | |
F5 BIG-IP Application Security Manager | >=13.0.0<=13.1.1 | |
F5 BIG-IP Application Security Manager | =14.0.0 | |
F5 Big-ip Domain Name System | >=11.5.1<=11.6.3 | |
F5 Big-ip Domain Name System | >=12.1.0<=12.1.3 | |
F5 Big-ip Domain Name System | >=13.0.0<=13.1.1 | |
F5 Big-ip Domain Name System | =14.0.0 | |
F5 Big-ip Edge Gateway | >=11.5.1<=11.6.3 | |
F5 Big-ip Edge Gateway | >=12.1.0<=12.1.3 | |
F5 Big-ip Edge Gateway | >=13.0.0<=13.1.1 | |
F5 Big-ip Edge Gateway | =14.0.0 | |
F5 Big-ip Fraud Protection Service | >=11.5.1<=11.6.3 | |
F5 Big-ip Fraud Protection Service | >=12.1.0<=12.1.3 | |
F5 Big-ip Fraud Protection Service | >=13.0.0<=13.1.1 | |
F5 Big-ip Fraud Protection Service | =14.0.0 | |
F5 Big-ip Global Traffic Manager | >=11.5.1<=11.6.3 | |
F5 Big-ip Global Traffic Manager | >=12.1.0<=12.1.3 | |
F5 Big-ip Global Traffic Manager | >=13.0.0<=13.1.1 | |
F5 Big-ip Global Traffic Manager | =14.0.0 | |
F5 Big-ip Link Controller | >=11.5.1<=11.6.3 | |
F5 Big-ip Link Controller | >=12.1.0<=12.1.3 | |
F5 Big-ip Link Controller | >=13.0.0<=13.1.1 | |
F5 Big-ip Link Controller | =14.0.0 | |
F5 Big-ip Local Traffic Manager | >=11.5.1<=11.6.3 | |
F5 Big-ip Local Traffic Manager | >=12.0.0<=12.1.3 | |
F5 Big-ip Local Traffic Manager | >13.0.0<=13.1.1 | |
F5 Big-ip Local Traffic Manager | =14.0.0 | |
F5 Big-ip Policy Enforcement Manager | >=11.5.1<=11.6.3 | |
F5 Big-ip Policy Enforcement Manager | >=12.1.0<=12.1.3 | |
F5 Big-ip Policy Enforcement Manager | >=13.0.0<=13.1.1 | |
F5 Big-ip Policy Enforcement Manager | =14.0.0 | |
F5 Big-ip Webaccelerator | >=11.5.1<=11.6.3 | |
F5 Big-ip Webaccelerator | >=12.1.0<=12.1.3 | |
F5 Big-ip Webaccelerator | >=13.0.0<=13.1.1 | |
F5 Big-ip Webaccelerator | =14.0.0 | |
F5 Traffix Systems Signaling Delivery Controller | >=5.0.0<=5.1.0 | |
F5 Traffix Systems Signaling Delivery Controller | =4.4.0 | |
A10networks Advanced Core Operating System | =3.2.2 | |
A10networks Advanced Core Operating System | =3.2.2-p5 | |
A10networks Advanced Core Operating System | =4.1.0 | |
A10networks Advanced Core Operating System | =4.1.0-p11 | |
A10networks Advanced Core Operating System | =4.1.1-p8 | |
A10networks Advanced Core Operating System | =4.1.2 | |
A10networks Advanced Core Operating System | =4.1.2-p4 | |
A10networks Advanced Core Operating System | =4.1.4 | |
A10networks Advanced Core Operating System | =4.1.4-p1 | |
Cisco Collaboration Meeting Rooms | =1.0 | |
Cisco Digital Network Architecture Center | =1.2 | |
Cisco Expressway | =x8.10 | |
Cisco Expressway | =x8.10.1 | |
Cisco Expressway | =x8.10.2 | |
Cisco Expressway | =x8.10.3 | |
Cisco Expressway | =x8.10.4 | |
Cisco Expressway | =x8.11 | |
Cisco Expressway Series | ||
Cisco Meeting Management | =1.0 | |
Cisco Meeting Management | =1.0.1 | |
Cisco Network Assurance Engine | =2.1\(1a\) | |
Cisco Threat Grid-cloud | ||
Cisco Webex Hybrid Data Security | ||
Cisco Webex Video Mesh | ||
Cisco Telepresence Video Communication Server Firmware | =x8.10 | |
Cisco Telepresence Video Communication Server Firmware | =x8.10.1 | |
Cisco Telepresence Video Communication Server Firmware | =x8.10.2 | |
Cisco Telepresence Video Communication Server Firmware | =x8.10.3 | |
Cisco Telepresence Video Communication Server Firmware | =x8.10.4 | |
Cisco Telepresence Video Communication Server Firmware | =x8.11 | |
Cisco TelePresence Video Communication Server | ||
Cisco Telepresence Conductor Firmware | =xc4.3 | |
Cisco Telepresence Conductor Firmware | =xc4.3.1 | |
Cisco Telepresence Conductor Firmware | =xc4.3.2 | |
Cisco Telepresence Conductor Firmware | =xc4.3.3 | |
Cisco Telepresence Conductor Firmware | =xc4.3.4 | |
Cisco TelePresence Conductor | ||
ubuntu/linux | <4.15.0-30.32 | 4.15.0-30.32 |
ubuntu/linux | <3.13.0-155.205 | 3.13.0-155.205 |
ubuntu/linux | <4.18~ | 4.18~ |
ubuntu/linux | <4.4.0-133.159 | 4.4.0-133.159 |
ubuntu/linux-aws | <4.15.0-1017.17 | 4.15.0-1017.17 |
ubuntu/linux-aws | <4.4.0-1027.30 | 4.4.0-1027.30 |
ubuntu/linux-aws | <4.18~ | 4.18~ |
ubuntu/linux-aws | <4.4.0-1065.75 | 4.4.0-1065.75 |
ubuntu/linux-azure | <4.15.0-1019.19 | 4.15.0-1019.19 |
ubuntu/linux-azure | <4.18~ | 4.18~ |
ubuntu/linux-azure | <4.15.0-1019.19~16.04.1 | 4.15.0-1019.19~16.04.1 |
ubuntu/linux-azure-edge | <4.18~ | 4.18~ |
ubuntu/linux-azure-edge | <4.15.0-1019.19 | 4.15.0-1019.19 |
ubuntu/linux-euclid | <4.18~ | 4.18~ |
ubuntu/linux-euclid | <4.4.0-9029.31 | 4.4.0-9029.31 |
ubuntu/linux-flo | <4.18~ | 4.18~ |
ubuntu/linux-gcp | <4.15.0-1015.15 | 4.15.0-1015.15 |
ubuntu/linux-gcp | <4.18~ | 4.18~ |
ubuntu/linux-gcp | <4.15.0-1015.15~16.04.1 | 4.15.0-1015.15~16.04.1 |
ubuntu/linux-gke | <4.18~ | 4.18~ |
ubuntu/linux-goldfish | <4.18~ | 4.18~ |
ubuntu/linux-grouper | <4.18~ | 4.18~ |
ubuntu/linux-hwe | <4.18~ | 4.18~ |
ubuntu/linux-hwe | <4.15.0-30.32~16.04.1 | 4.15.0-30.32~16.04.1 |
ubuntu/linux-hwe-edge | <4.18~ | 4.18~ |
ubuntu/linux-hwe-edge | <4.15.0-30.32~16.04.1 | 4.15.0-30.32~16.04.1 |
ubuntu/linux-kvm | <4.15.0-1017.17 | 4.15.0-1017.17 |
ubuntu/linux-kvm | <4.18~ | 4.18~ |
ubuntu/linux-kvm | <4.4.0-1031.37 | 4.4.0-1031.37 |
ubuntu/linux-lts-trusty | <4.18~ | 4.18~ |
ubuntu/linux-lts-utopic | <4.18~ | 4.18~ |
ubuntu/linux-lts-vivid | <4.18~ | 4.18~ |
ubuntu/linux-lts-wily | <4.18~ | 4.18~ |
ubuntu/linux-lts-xenial | <4.4.0-133.159~14.04.1 | 4.4.0-133.159~14.04.1 |
ubuntu/linux-lts-xenial | <4.18~ | 4.18~ |
ubuntu/linux-maguro | <4.18~ | 4.18~ |
ubuntu/linux-mako | <4.18~ | 4.18~ |
ubuntu/linux-manta | <4.18~ | 4.18~ |
ubuntu/linux-oem | <4.15.0-1013.16 | 4.15.0-1013.16 |
ubuntu/linux-oem | <4.18~ | 4.18~ |
ubuntu/linux-raspi2 | <4.15.0-1018.19 | 4.15.0-1018.19 |
ubuntu/linux-raspi2 | <4.18~ | 4.18~ |
ubuntu/linux-raspi2 | <4.4.0-1094.102 | 4.4.0-1094.102 |
ubuntu/linux-snapdragon | <4.18~ | 4.18~ |
ubuntu/linux-snapdragon | <4.4.0-1098.103 | 4.4.0-1098.103 |
debian/linux | 4.19.249-2 4.19.304-1 5.10.209-2 5.10.216-1 6.1.76-1 6.1.90-1 6.7.12-1 |