CVE-2018-5391: The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets

First published: Mon Jul 30 2018(Updated: )

A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithms by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. External References: <a href="https://access.redhat.com/articles/3553061">https://access.redhat.com/articles/3553061</a> <a href="https://www.kb.cert.org/vuls/id/641765">https://www.kb.cert.org/vuls/id/641765</a> A fix is a merge commit in the Linux kernel tree: <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c30f1fc041b74ecdb072dd44f858750414b8b19f">https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c30f1fc041b74ecdb072dd44f858750414b8b19f</a> consisting of the following commits: 7969e5c40dfd04799d4341f1b7cd266b6e47f227 385114dec8a49b5e5945e77ba7de6356106713f4 fa0f527358bd900ef92f925878ed6bfbd51305cc

Credit: cret@cert.org

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/type
• agent/first-publish-date
• collector/launchpad-cve
• source/Launchpad
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2018-5391
• agent/weakness
• agent/severity
• collector/mitre-cve
• source/MITRE
• agent/title
• agent/references
• agent/remedy
• collector/usn-cve
• source/Ubuntu
• agent/description
• agent/event
• agent/trending
• agent/last-modified-date
• agent/source
• agent/author
• collector/security-tracker-debian
• source/Debian
• agent/software-canonical-lookup
• agent/softwarecombine
• agent/tags
• collector/nvd-index
• agent/software-canonical-lookup-request
• collector/nvd-cve
• source/NVD
• package-manager/debian
• vendor/linux
• canonical/linux kernel
• version/linux kernel/3.9
• version/linux kernel/4.18
• vendor/redhat
• canonical/redhat enterprise linux desktop
• version/redhat enterprise linux desktop/6.0
• version/redhat enterprise linux desktop/7.0
• canonical/redhat enterprise linux server
• version/redhat enterprise linux server/6.0
• version/redhat enterprise linux server/7.0
• canonical/redhat enterprise linux server aus
• version/redhat enterprise linux server aus/6.4
• version/redhat enterprise linux server aus/6.5
• version/redhat enterprise linux server aus/6.6
• version/redhat enterprise linux server aus/7.2
• version/redhat enterprise linux server aus/7.3
• version/redhat enterprise linux server aus/7.4
• canonical/redhat enterprise linux server eus
• version/redhat enterprise linux server eus/6.7
• version/redhat enterprise linux server eus/7.3
• version/redhat enterprise linux server eus/7.4
• version/redhat enterprise linux server eus/7.5
• canonical/redhat enterprise linux server tus
• version/redhat enterprise linux server tus/6.6
• version/redhat enterprise linux server tus/7.2
• version/redhat enterprise linux server tus/7.3
• version/redhat enterprise linux server tus/7.4
• canonical/redhat enterprise linux workstation
• version/redhat enterprise linux workstation/6.0
• version/redhat enterprise linux workstation/7.0
• vendor/debian
• canonical/debian
• version/debian/8.0
• version/debian/9.0
• vendor/canonical
• canonical/ubuntu
• version/ubuntu/12.04
• version/ubuntu/14.04
• version/ubuntu/16.04
• version/ubuntu/18.04
• vendor/microsoft
• canonical/microsoft windows 10
• version/microsoft windows 10/1607
• version/microsoft windows 10/1703
• version/microsoft windows 10/1709
• version/microsoft windows 10/1803
• canonical/microsoft windows 7
• version/microsoft windows 7/sp1
• canonical/microsoft windows 8.1
• canonical/microsoft windows rt
• canonical/microsoft windows server 2008 itanium
• version/microsoft windows server 2008 itanium/sp2
• version/microsoft windows server 2008 itanium/r2-sp1
• canonical/microsoft windows server 2012 x64
• version/microsoft windows server 2012 x64/r2
• canonical/microsoft windows server 2016
• version/microsoft windows server 2016/1709
• version/microsoft windows server 2016/1803
• vendor/f5
• canonical/f5 access policy manager
• version/f5 access policy manager/11.5.1
• version/f5 access policy manager/12.1.0
• version/f5 access policy manager/13.0.0
• version/f5 access policy manager/14.0.0
• version/f5 access policy manager/14.1.0
• canonical/f5 big-ip advanced firewall manager
• version/f5 big-ip advanced firewall manager/11.5.1
• version/f5 big-ip advanced firewall manager/12.1.0
• version/f5 big-ip advanced firewall manager/13.0.0
• version/f5 big-ip advanced firewall manager/14.0.0
• version/f5 big-ip advanced firewall manager/14.1.0
• canonical/f5 big-ip analytics
• version/f5 big-ip analytics/11.5.1
• version/f5 big-ip analytics/12.1.0
• version/f5 big-ip analytics/13.0.0
• version/f5 big-ip analytics/14.0.0
• version/f5 big-ip analytics/14.1.0
• canonical/f5 big-ip application acceleration manager
• version/f5 big-ip application acceleration manager/11.5.1
• version/f5 big-ip application acceleration manager/12.1.0
• version/f5 big-ip application acceleration manager/13.0.0
• version/f5 big-ip application acceleration manager/14.0.0
• version/f5 big-ip application acceleration manager/14.1.0
• canonical/f5 application security manager
• version/f5 application security manager/11.5.1
• version/f5 application security manager/12.1.0
• version/f5 application security manager/13.0.0
• version/f5 application security manager/14.0.0
• version/f5 application security manager/14.1.0
• canonical/f5 big-ip domain name system
• version/f5 big-ip domain name system/11.5.1
• version/f5 big-ip domain name system/12.1.0
• version/f5 big-ip domain name system/13.0.0
• version/f5 big-ip domain name system/14.0.0
• version/f5 big-ip domain name system/14.1.0
• canonical/f5 big-ip edge gateway
• version/f5 big-ip edge gateway/11.5.1
• version/f5 big-ip edge gateway/12.1.0
• version/f5 big-ip edge gateway/13.0.0
• version/f5 big-ip edge gateway/14.0.0
• version/f5 big-ip edge gateway/14.1.0
• canonical/f5 big-ip fraud protection services
• version/f5 big-ip fraud protection services/11.5.1
• version/f5 big-ip fraud protection services/12.1.0
• version/f5 big-ip fraud protection services/13.0.0
• version/f5 big-ip fraud protection services/14.0.0
• version/f5 big-ip fraud protection services/14.1.0
• canonical/f5 big-ip global traffic manager
• version/f5 big-ip global traffic manager/11.5.1
• version/f5 big-ip global traffic manager/12.1.0
• version/f5 big-ip global traffic manager/13.0.0
• version/f5 big-ip global traffic manager/14.0.0
• version/f5 big-ip global traffic manager/14.1.0
• canonical/f5 big-ip
• version/f5 big-ip/11.5.1
• version/f5 big-ip/12.1.0
• version/f5 big-ip/13.0.0
• version/f5 big-ip/14.0.0
• version/f5 big-ip/14.1.0
• canonical/f5 big-ip local traffic manager
• version/f5 big-ip local traffic manager/11.5.1
• version/f5 big-ip local traffic manager/12.1.0
• version/f5 big-ip local traffic manager/13.0.0
• version/f5 big-ip local traffic manager/14.0.0
• version/f5 big-ip local traffic manager/14.1.0
• canonical/f5 big-ip policy enforcement manager
• version/f5 big-ip policy enforcement manager/11.5.1
• version/f5 big-ip policy enforcement manager/12.1.0
• version/f5 big-ip policy enforcement manager/13.0.0
• version/f5 big-ip policy enforcement manager/14.0.0
• version/f5 big-ip policy enforcement manager/14.1.0
• canonical/f5 big-ip webaccelerator
• version/f5 big-ip webaccelerator/11.5.1
• version/f5 big-ip webaccelerator/12.1.0
• version/f5 big-ip webaccelerator/13.0.0
• version/f5 big-ip webaccelerator/14.0.0
• version/f5 big-ip webaccelerator/14.1.0
• vendor/siemens
• canonical/siemens ruggedcom rm1224 lte (4g) nam
• canonical/siemens ruggedcom rm1224 lte(4g) eu
• canonical/siemens ruggedcom rox ii
• canonical/siemens ruggedcom rox ii firmware
• canonical/siemens scalance m-800 firmware
• canonical/siemens scalance s615 firmware
• canonical/siemens scalance sc-600 firmware
• canonical/siemens scalance sc-600
• canonical/siemens scalance w1700 ieee 802.11ac
• canonical/siemens scalance w1700 ieee 802.11ac firmware
• canonical/siemens scalance w700 ieee 802.11a/b/g/n firmware
• canonical/siemens scalance w700 ieee 802.11a/b/g/n
• canonical/siemens simatic cp 1242-7 gprs
• canonical/siemens simatic net cp 1242-7
• canonical/siemens simatic net cp 1243-1 firmware
• canonical/siemens simatic cp 1243-7 lte eu firmware
• canonical/siemens simatic cp 1243-7 lte us firmware
• canonical/siemens simatic net cp 1243-7 lte us firmware
• canonical/siemens simatic cp 1243-8 irc firmware
• canonical/siemens simatic net cp 1243-8 irc firmware
• canonical/siemens simatic net cp 1542sp-1 irc firmware
• canonical/siemens simatic net cp 1542sp-1
• canonical/siemens simatic net cp 1543-1 firmware
• canonical/siemens simatic net cp 1543-1
• canonical/siemens simatic net cp 1543sp-1
• canonical/siemens simatic net cp 1543sp-1 (incl. siplus variants)
• canonical/siemens simatic rf185c firmware
• canonical/siemens simatic rf186c
• canonical/siemens simatic rf186c firmware
• canonical/siemens simatic rf186ci firmware
• canonical/siemens simatic rf188
• canonical/siemens simatic rf188 firmware
• canonical/siemens simatic rf188ci firmware
• canonical/siemens sinema remote connect server firmware
• version/siemens sinema remote connect server firmware/1.1
• canonical/siemens sinema remote connect