First published: Mon Jul 30 2018
A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. By sending specially crafted packets, a remote attacker could use this flaw to trigger fragment reassembly algorithms that are expensive in time and computation, which could lead to CPU saturation and hence a denial of service on the system.

External References:
https://access.redhat.com/articles/3553061
https://www.kb.cert.org/vuls/id/641765

The fix is a merge commit in the Linux kernel tree:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c30f1fc041b74ecdb072dd44f858750414b8b19f

consisting of the following commits:
7969e5c40dfd04799d4341f1b7cd266b6e47f227
385114dec8a49b5e5945e77ba7de6356106713f4
fa0f527358bd900ef92f925878ed6bfbd51305cc

Credit: cret@cert.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Kernel | >=3.9<=4.18 | |
Red Hat Enterprise Linux Desktop | =6.0 | |
Red Hat Enterprise Linux Desktop | =7.0 | |
Red Hat Enterprise Linux Server | =6.0 | |
Red Hat Enterprise Linux Server | =7.0 | |
Red Hat Enterprise Linux Server | =6.4 | |
Red Hat Enterprise Linux Server | =6.5 | |
Red Hat Enterprise Linux Server | =6.6 | |
Red Hat Enterprise Linux Server | =7.2 | |
Red Hat Enterprise Linux Server | =7.3 | |
Red Hat Enterprise Linux Server | =7.4 | |
Red Hat Enterprise Linux Server | =6.7 | |
Red Hat Enterprise Linux Server | =7.5 | |
Red Hat Enterprise Linux Workstation | =6.0 | |
Red Hat Enterprise Linux Workstation | =7.0 | |
Debian Linux | =8.0 | |
Debian Linux | =9.0 | |
Ubuntu | =12.04 | |
Ubuntu | =14.04 | |
Ubuntu | =16.04 | |
Ubuntu | =18.04 | |
Windows 10 | ||
Windows 10 | =1607 | |
Windows 10 | =1703 | |
Windows 10 | =1709 | |
Windows 10 | =1803 | |
Microsoft Windows 7 | =sp1 | |
Microsoft Windows | ||
Microsoft Windows RT | ||
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =r2-sp1 | |
Microsoft Windows Server 2008 Itanium | =r2-sp1 | |
Microsoft Windows Server | ||
Microsoft Windows Server | =r2 | |
Microsoft Windows Server 2016 | ||
Microsoft Windows Server 2016 | =1709 | |
Microsoft Windows Server 2016 | =1803 | |
F5 Access Policy Manager | >=11.5.1<11.6.5.1 | |
F5 Access Policy Manager | >=12.1.0<12.1.5 | |
F5 Access Policy Manager | >=13.0.0<13.1.3 | |
F5 Access Policy Manager | >=14.0.0<14.0.1.1 | |
F5 Access Policy Manager | >=14.1.0<14.1.2.4 | |
F5 BIG-IP Advanced Firewall Manager | >=11.5.1<11.6.5.1 | |
F5 BIG-IP Advanced Firewall Manager | >=12.1.0<12.1.5 | |
F5 BIG-IP Advanced Firewall Manager | >=13.0.0<13.1.3 | |
F5 BIG-IP Advanced Firewall Manager | >=14.0.0<14.0.1.1 | |
F5 BIG-IP Advanced Firewall Manager | >=14.1.0<14.1.2.4 | |
F5 BIG-IP Analytics | >=11.5.1<11.6.5.1 | |
F5 BIG-IP Analytics | >=12.1.0<12.1.5 | |
F5 BIG-IP Analytics | >=13.0.0<13.1.3 | |
F5 BIG-IP Analytics | >=14.0.0<14.0.1.1 | |
F5 BIG-IP Analytics | >=14.1.0<14.1.2.4 | |
F5 BIG-IP Application Acceleration Manager | >=11.5.1<11.6.5.1 | |
F5 BIG-IP Application Acceleration Manager | >=12.1.0<12.1.5 | |
F5 BIG-IP Application Acceleration Manager | >=13.0.0<13.1.3 | |
F5 BIG-IP Application Acceleration Manager | >=14.0.0<14.0.1.1 | |
F5 BIG-IP Application Acceleration Manager | >=14.1.0<14.1.2.4 | |
F5 Application Security Manager | >=11.5.1<11.6.5.1 | |
F5 Application Security Manager | >=12.1.0<12.1.5 | |
F5 Application Security Manager | >=13.0.0<13.1.3 | |
F5 Application Security Manager | >=14.0.0<14.0.1.1 | |
F5 Application Security Manager | >=14.1.0<14.1.2.4 | |
F5 BIG-IP | >=11.5.1<11.6.5.1 | |
F5 BIG-IP | >=12.1.0<12.1.5 | |
F5 BIG-IP | >=13.0.0<13.1.3 | |
F5 BIG-IP | >=14.0.0<14.0.1.1 | |
F5 BIG-IP | >=14.1.0<14.1.2.4 | |
F5 BIG-IP Edge Gateway | >=11.5.1<11.6.5.1 | |
F5 BIG-IP Edge Gateway | >=12.1.0<12.1.5 | |
F5 BIG-IP Edge Gateway | >=13.0.0<13.1.3 | |
F5 BIG-IP Edge Gateway | >=14.0.0<14.0.1.1 | |
F5 BIG-IP Edge Gateway | >=14.1.0<14.1.2.4 | |
F5 BIG-IP Fraud Protection Service | >=11.5.1<11.6.5.1 | |
F5 BIG-IP Fraud Protection Service | >=12.1.0<12.1.5 | |
F5 BIG-IP Fraud Protection Service | >=13.0.0<13.1.3 | |
F5 BIG-IP Fraud Protection Service | >=14.0.0<14.0.1.1 | |
F5 BIG-IP Fraud Protection Service | >=14.1.0<14.1.2.4 | |
Riverbed SteelApp Traffic Manager | >=11.5.1<11.6.5.1 | |
Riverbed SteelApp Traffic Manager | >=12.1.0<12.1.5 | |
Riverbed SteelApp Traffic Manager | >=13.0.0<13.1.3 | |
Riverbed SteelApp Traffic Manager | >=14.0.0<14.0.1.1 | |
Riverbed SteelApp Traffic Manager | >=14.1.0<14.1.2.4 | |
F5 BIG-IP Link Controller | >=11.5.1<11.6.5.1 | |
F5 BIG-IP Link Controller | >=12.1.0<12.1.5 | |
F5 BIG-IP Link Controller | >=13.0.0<13.1.3 | |
F5 BIG-IP Link Controller | >=14.0.0<14.0.1.1 | |
F5 BIG-IP Link Controller | >=14.1.0<14.1.2.4 | |
F5 BIG-IP Policy Enforcement Manager | >=11.5.1<11.6.5.1 | |
F5 BIG-IP Policy Enforcement Manager | >=12.1.0<12.1.5 | |
F5 BIG-IP Policy Enforcement Manager | >=13.0.0<13.1.3 | |
F5 BIG-IP Policy Enforcement Manager | >=14.0.0<14.0.1.1 | |
F5 BIG-IP Policy Enforcement Manager | >=14.1.0<14.1.2.4 | |
F5 BIG-IP WebAccelerator | >=11.5.1<11.6.5.1 | |
F5 BIG-IP WebAccelerator | >=12.1.0<12.1.5 | |
F5 BIG-IP WebAccelerator | >=13.0.0<13.1.3 | |
F5 BIG-IP WebAccelerator | >=14.0.0<14.0.1.1 | |
F5 BIG-IP WebAccelerator | >=14.1.0<14.1.2.4 | |
All of | ||
Siemens RUGGEDCOM RM1224 | <6.1 | |
Siemens RuggedCom RM1224 LTE | ||
All of | ||
Siemens ROX II Firmware | <2.13.3 | |
Siemens ROX II OS | ||
All of | ||
Siemens SCALANCE M-800 | <6.1 | |
Siemens Scalance M-800 Firmware | ||
All of | ||
Siemens Scalance S615 EEC Firmware | <6.1 | |
Siemens Scalance S615 Firmware | ||
All of | ||
Siemens Scalance S602 Firmware | <2.0 | |
Siemens SCALANCE SC-600 family | ||
All of | ||
Siemens SCALANCE W1700 IEEE 802.11ac | <2.0 | |
Siemens SCALANCE W1700 IEEE 802.11ac Firmware | ||
All of | ||
Siemens SCALANCE W700 IEEE 802.11a/b/g/n Firmware | <6.4 | |
Siemens SCALANCE W700 IEEE 802.11a/b/g/n | ||
All of | ||
Siemens SIMATIC CP 1242-7 GPRS | <3.2 | |
Siemens SIMATIC CP 1242-7 | ||
All of | ||
Siemens SIMATIC CP 1243-1 Firmware | <3.2 | |
Siemens SIMATIC CP 1243-1 | ||
All of | ||
Siemens SIMATIC CP 1243-7 LTE EU Firmware | <3.2 | |
Siemens Simatic Net CP1243-7 LTE US | ||
All of | ||
Siemens SIMATIC CP 1243-7 LTE/US Firmware | <3.2 | |
Siemens Simatic Net CP 1243-7 LTE US Firmware | ||
All of | ||
Siemens SIMATIC CP 1243-8 IRC Firmware | <3.2 | |
Siemens Simatic Net CP 1243-8 IRC Firmware | ||
All of | ||
Siemens Simatic CP 1542SP-1 Firmware | <2.1 | |
Siemens Simatic CP 1542SP-1 IRC | ||
All of | ||
Siemens SIMATIC CP 1542SP-1 IRC Firmware | <2.1 | |
Siemens SIMATIC NET CP 1542SP-1 IRC (incl. SIPLUS variants) | ||
All of | ||
Siemens Simatic CP 1543-1 Firmware | <2.2 | |
Siemens Simatic CP 1543-1 | ||
All of | ||
Siemens Simatic CP 1543SP-1 Firmware | <2.1 | |
Siemens Simatic CP 1543SP-1 | ||
All of | ||
Siemens Simatic RF185C Firmware | <1.3 | |
Siemens Simatic RF185C Firmware | ||
All of | ||
Siemens Simatic RF186C | <1.3 | |
Siemens Simatic RF186C Firmware | ||
All of | ||
Siemens Simatic RF186C | <1.3 | |
Siemens Simatic RF186Ci Firmware | ||
All of | ||
Siemens Simatic RF188 | <1.3 | |
Siemens Simatic RF188 Firmware | ||
All of | ||
Siemens Simatic RF188CI Firmware | <1.3 | |
Siemens Simatic RF188CI Firmware | ||
All of | ||
Siemens SINEMA Remote Connect Server Firmware | >=1.1<2.0.1 | |
Siemens SINEMA Remote Connect | ||
debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 |
The vulnerability ID of this Linux kernel vulnerability is CVE-2018-5391.
CVE-2018-5391 has a severity level of high.
The affected software for CVE-2018-5391 includes various versions of the Linux kernel, such as linux-aws, linux-azure, linux-euclid, linux-oem, linux, and more.
To fix CVE-2018-5391, update to the recommended versions of the affected software provided by the respective vendors.
You can find more information about CVE-2018-5391 on the Red Hat and CERT websites, as well as the official Linux kernel git repository.