akamaiblog | Akamai | AKAMAIBLOG:5E43C86ED76BCE1E1BE3664DD7BC1BA2
History: Aug 06, 2018 - 4:15 p.m.

Linux Kernel TCP Vulnerability

2018-08-06 16:15:53
Akamai
feedproxy.google.com

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 7.8 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS: 0.895 High
Percentile: 98.5%

During the week of July 15th, researcher Juha-Matti Tilli disclosed a vulnerability he had discovered in the Linux kernel to the kernel maintainers, the National Cyber Security Center - Finland (NCSC-FI), CERT Coordination Center (CERT/CC), and Akamai. The vulnerability, CVE-2018-5390, is a resource exhaustion attack triggered by a specially crafted stream of TCP segments that forces expensive processing within the Linux kernel.

In preparation for the public disclosure of the vulnerability, Akamai prepared and began deploying patches for its network. At the same time, Akamai has been working with external parties to verify that the fix is sufficient to protect its network and customers. Akamai continues to work closely with the vulnerability coordinators at NCSC-FI and CERT/CC to aid the vulnerability disclosure, testing and notification processes.

This issue impacts nearly all current Linux systems, with Linux kernel versions 4.9 and later being the most susceptible. Versions 4.8 and older are still impacted, but require more malicious traffic to exhibit the same level of resource exhaustion.

Impact on our Network

All organizations that use recent versions of the Linux kernel are exposed to this issue prior to patching, including Akamai. Shortly after notification of the vulnerability we began the process of patching our systems, starting with the most critical of our services and continuing on to the rest of our network. At this point, all critical services are patched and we are working to complete the patching on the few remaining systems that could be impacted.

How to protect yourself

We recommend updating your operating system as soon as patches are available. Many Linux distributions have been notified of the vulnerability and expect to be releasing patches today (August 6, 2018) through their normal distribution channels. Keep an eye out for CVE-2018-5390 listed in the release notes of your distribution.
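
As an added example (not Akamai's code), the shell functions below sort a kernel release string into the two exposure tiers described above and check a package changelog for CVE-2018-5390. The function names, release strings and sample changelogs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Akamai's code): triage a host for CVE-2018-5390.
CVE_ID="CVE-2018-5390"

# Map a kernel release string (format of `uname -r`) to the advisory's tiers:
#   most-susceptible = 4.9 or later; still-impacted = 4.8 and older.
# 5.x and later were released after this advisory, so they get their own label.
exposure_tier() {
    rel=$1
    case "$rel" in *.*) ;; *) echo unknown; return 0 ;; esac
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%[!0-9]*}   # digits up to the first non-digit
    case "$major" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    [ -n "$minor" ] || { echo unknown; return 0; }
    if [ "$major" -gt 4 ]; then
        echo post-advisory
    elif [ "$major" -eq 4 ] && [ "$minor" -ge 9 ]; then
        echo most-susceptible
    else
        echo still-impacted
    fi
}

# Succeeds when the changelog text on stdin lists the CVE. Distributions
# backport fixes, so the version number alone cannot show a host is patched.
changelog_lists_fix() {
    grep -q -F "$CVE_ID"
}

# One verdict line per host for a fleet report.
# $1 = kernel release, stdin = changelog of that exact kernel package.
assess() {
    tier=$(exposure_tier "$1")
    if changelog_lists_fix; then
        echo "$1 fix-listed"
    else
        echo "$1 update-needed tier=$tier"
    fi
}

# Constructed sample changelogs (not real distribution output).
PATCHED_LOG='* Mon Aug 06 2018 builder@example.invalid
- kernel security update (CVE-2018-5390)'
UNPATCHED_LOG='* Mon Jul 02 2018 builder@example.invalid
- unrelated driver update'

printf '%s\n' "$PATCHED_LOG"   | assess 3.10.0-000.example
printf '%s\n' "$UNPATCHED_LOG" | assess 4.15.0-00-example
```

On an RPM-based host, the same check can be fed real data with `rpm -q --changelog "kernel-$(uname -r)" | assess "$(uname -r)"`; a fix listed for an installed package only protects the host once that kernel is the one running.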

Akamai is grateful to Juha-Matti Tilli for his efforts to work with our security team and other organizations involved to make it possible to quickly respond to this vulnerability.
