CVE-2018-6922
First published: Wed Aug 08 2018(Updated: )
One of the data structures that holds TCP segments in all versions of FreeBSD prior to 11.2-RELEASE-p1, 11.1-RELEASE-p12, and 10.4-RELEASE-p10 uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in the reassembly queue. An attacker who has the ability to send TCP traffic to a victim system can degrade the victim system's network performance and/or consume excessive CPU by exploiting the inefficiency of TCP reassembly handling, with relatively small bandwidth cost.
Credit: secteam@freebsd.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FreeBSD Kernel | =10.4 | |
| FreeBSD Kernel | =10.4-p1 | |
| FreeBSD Kernel | =10.4-p3 | |
| FreeBSD Kernel | =10.4-p4 | |
| FreeBSD Kernel | =10.4-p5 | |
| FreeBSD Kernel | =10.4-p6 | |
| FreeBSD Kernel | =10.4-p7 | |
| FreeBSD Kernel | =10.4-p8 | |
| FreeBSD Kernel | =10.4-p9 | |
| FreeBSD Kernel | =11.1 | |
| FreeBSD Kernel | =11.1-p1 | |
| FreeBSD Kernel | =11.1-p11 | |
| FreeBSD Kernel | =11.1-p2 | |
| FreeBSD Kernel | =11.1-p4 | |
| FreeBSD Kernel | =11.1-p5 | |
| FreeBSD Kernel | =11.1-p6 | |
| FreeBSD Kernel | =11.1-p7 | |
| FreeBSD Kernel | =11.1-p9 | |
| FreeBSD Kernel | =11.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-6922?
CVE-2018-6922 is rated as a medium severity vulnerability.
How do I fix CVE-2018-6922?
To fix CVE-2018-6922, upgrade to FreeBSD version 11.2-RELEASE-p1, 11.1-RELEASE-p12, or 10.4-RELEASE-p10 or later.
What versions of FreeBSD are affected by CVE-2018-6922?
CVE-2018-6922 affects all versions of FreeBSD prior to 11.2-RELEASE-p1, 11.1-RELEASE-p12, and 10.4-RELEASE-p10.
What is the impact of CVE-2018-6922?
CVE-2018-6922 can lead to an increase in CPU time consumption due to inefficient TCP segment processing.
Who reported CVE-2018-6922?
CVE-2018-6922 was reported by security researchers but specific individual names may not be disclosed in the advisory.
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/freebsd
- canonical/freebsd kernel
- version/freebsd kernel/10.4
- version/freebsd kernel/10.4-p1
- version/freebsd kernel/10.4-p3
- version/freebsd kernel/10.4-p4
- version/freebsd kernel/10.4-p5
- version/freebsd kernel/10.4-p6
- version/freebsd kernel/10.4-p7
- version/freebsd kernel/10.4-p8
- version/freebsd kernel/10.4-p9
- version/freebsd kernel/11.1
- version/freebsd kernel/11.1-p1
- version/freebsd kernel/11.1-p11
- version/freebsd kernel/11.1-p2
- version/freebsd kernel/11.1-p4
- version/freebsd kernel/11.1-p5
- version/freebsd kernel/11.1-p6
- version/freebsd kernel/11.1-p7
- version/freebsd kernel/11.1-p9
- version/freebsd kernel/11.2