Lucene search

K
cve[email protected]CVE-2018-5390
HistoryAug 06, 2018 - 8:29 p.m.

CVE-2018-5390

2018-08-0620:29:01
CWE-400
web.nvd.nist.gov
389
cve-2018-5390
linux kernel
denial of service
nvd
tcp

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.783 High

EPSS

Percentile

98.3%

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.

Affected configurations

NVD
Node
redhatvirtualizationMatch4.0
OR
redhatenterprise_linux_desktopMatch7.0
OR
redhatenterprise_linux_serverMatch7.0
OR
redhatenterprise_linux_server_ausMatch6.4
OR
redhatenterprise_linux_server_ausMatch6.5
OR
redhatenterprise_linux_server_ausMatch6.6
OR
redhatenterprise_linux_server_ausMatch7.2
OR
redhatenterprise_linux_server_ausMatch7.3
OR
redhatenterprise_linux_server_ausMatch7.4
OR
redhatenterprise_linux_server_eusMatch6.4
OR
redhatenterprise_linux_server_eusMatch6.7
OR
redhatenterprise_linux_server_eusMatch7.2
OR
redhatenterprise_linux_server_eusMatch7.3
OR
redhatenterprise_linux_server_eusMatch7.4
OR
redhatenterprise_linux_server_eusMatch7.5
OR
redhatenterprise_linux_server_tusMatch6.6
OR
redhatenterprise_linux_server_tusMatch7.2
OR
redhatenterprise_linux_server_tusMatch7.3
OR
redhatenterprise_linux_server_tusMatch7.4
OR
redhatenterprise_linux_workstationMatch7.0
Node
linuxlinux_kernelRange4.94.18
OR
linuxlinux_kernelMatch4.18rc1
OR
linuxlinux_kernelMatch4.18rc2
OR
linuxlinux_kernelMatch4.18rc3
OR
linuxlinux_kernelMatch4.18rc4
OR
linuxlinux_kernelMatch4.18rc5
OR
linuxlinux_kernelMatch4.18rc6
Node
canonicalubuntu_linuxMatch12.04esm
OR
canonicalubuntu_linuxMatch14.04lts
OR
canonicalubuntu_linuxMatch16.04lts
OR
canonicalubuntu_linuxMatch18.04lts
Node
debiandebian_linuxMatch8.0
OR
debiandebian_linuxMatch9.0
Node
hparuba_airwave_ampRange<8.2.7.1
OR
hparuba_clearpass_policy_managerRange6.6.06.6.9
OR
hparuba_clearpass_policy_managerRange6.7.06.7.5
Node
f5big-ip_access_policy_managerRange11.5.111.6.3
OR
f5big-ip_access_policy_managerRange12.1.012.1.3
OR
f5big-ip_access_policy_managerRange13.0.013.1.1
OR
f5big-ip_access_policy_managerMatch14.0.0
OR
f5big-ip_advanced_firewall_managerRange11.5.111.6.3
OR
f5big-ip_advanced_firewall_managerRange12.1.012.1.3
OR
f5big-ip_advanced_firewall_managerRange13.0.013.1.1
OR
f5big-ip_advanced_firewall_managerMatch14.0.0
OR
f5big-ip_analyticsRange11.5.111.6.3
OR
f5big-ip_analyticsRange12.1.012.1.3
OR
f5big-ip_analyticsRange13.0.013.1.1
OR
f5big-ip_analyticsMatch14.0.0
OR
f5big-ip_application_acceleration_managerRange11.5.111.6.3
OR
f5big-ip_application_acceleration_managerRange12.1.012.1.3
OR
f5big-ip_application_acceleration_managerRange13.0.013.1.1
OR
f5big-ip_application_acceleration_managerMatch14.0.0
OR
f5big-ip_application_security_managerRange11.5.111.6.3
OR
f5big-ip_application_security_managerRange12.1.012.1.3
OR
f5big-ip_application_security_managerRange13.0.013.1.1
OR
f5big-ip_application_security_managerMatch14.0.0
OR
f5big-ip_domain_name_systemRange11.5.111.6.3
OR
f5big-ip_domain_name_systemRange12.1.012.1.3
OR
f5big-ip_domain_name_systemRange13.0.013.1.1
OR
f5big-ip_domain_name_systemMatch14.0.0
OR
f5big-ip_edge_gatewayRange11.5.1.11.6.3
OR
f5big-ip_edge_gatewayRange12.1.012.1.3
OR
f5big-ip_edge_gatewayRange13.0.013.1.1
OR
f5big-ip_edge_gatewayMatch14.0.0
OR
f5big-ip_fraud_protection_serviceRange11.5.111.6.3
OR
f5big-ip_fraud_protection_serviceRange12.1.012.1.3
OR
f5big-ip_fraud_protection_serviceRange13.0.013.1.1
OR
f5big-ip_fraud_protection_serviceMatch14.0.0
OR
f5big-ip_global_traffic_managerRange11.5.111.6.3
OR
f5big-ip_global_traffic_managerRange12.1.012.1.3
OR
f5big-ip_global_traffic_managerRange13.0.013.1.1
OR
f5big-ip_global_traffic_managerMatch14.0.0
OR
f5big-ip_link_controllerRange11.5.111.6.3
OR
f5big-ip_link_controllerRange12.1.012.1.3
OR
f5big-ip_link_controllerRange13.0.013.1.1
OR
f5big-ip_link_controllerMatch14.0.0
OR
f5big-ip_local_traffic_managerRange11.5.111.6.3
OR
f5big-ip_local_traffic_managerRange12.0.012.1.3
OR
f5big-ip_local_traffic_managerRange13.0.013.1.1
OR
f5big-ip_local_traffic_managerMatch14.0.0
OR
f5big-ip_policy_enforcement_managerRange11.5.111.6.3
OR
f5big-ip_policy_enforcement_managerRange12.1.012.1.3
OR
f5big-ip_policy_enforcement_managerRange13.0.013.1.1
OR
f5big-ip_policy_enforcement_managerMatch14.0.0
OR
f5big-ip_webacceleratorRange11.5.111.6.3
OR
f5big-ip_webacceleratorRange12.1.012.1.3
OR
f5big-ip_webacceleratorRange13.0.013.1.1
OR
f5big-ip_webacceleratorMatch14.0.0
OR
f5traffix_systems_signaling_delivery_controllerRange5.0.05.1.0
OR
f5traffix_systems_signaling_delivery_controllerMatch4.4.0
Node
a10networksadvanced_core_operating_systemMatch3.2.2
OR
a10networksadvanced_core_operating_systemMatch3.2.2p5
OR
a10networksadvanced_core_operating_systemMatch4.1.0
OR
a10networksadvanced_core_operating_systemMatch4.1.0p11
OR
a10networksadvanced_core_operating_systemMatch4.1.1p8
OR
a10networksadvanced_core_operating_systemMatch4.1.2
OR
a10networksadvanced_core_operating_systemMatch4.1.2p4
OR
a10networksadvanced_core_operating_systemMatch4.1.4
OR
a10networksadvanced_core_operating_systemMatch4.1.4p1
Node
ciscocollaboration_meeting_roomsMatch1.0
OR
ciscodigital_network_architecture_centerMatch1.2
OR
ciscoexpresswayMatchx8.10
OR
ciscoexpresswayMatchx8.10.1
OR
ciscoexpresswayMatchx8.10.2
OR
ciscoexpresswayMatchx8.10.3
OR
ciscoexpresswayMatchx8.10.4
OR
ciscoexpresswayMatchx8.11
OR
ciscoexpressway_seriesMatch-
OR
ciscomeeting_managementMatch1.0
OR
ciscomeeting_managementMatch1.0.1
OR
cisconetwork_assurance_engineMatch2.1\(1a\)
OR
ciscothreat_grid-cloudMatch-
OR
ciscowebex_hybrid_data_securityMatch-
OR
ciscowebex_video_meshMatch-
Node
ciscotelepresence_video_communication_server_firmwareMatchx8.10
OR
ciscotelepresence_video_communication_server_firmwareMatchx8.10.1
OR
ciscotelepresence_video_communication_server_firmwareMatchx8.10.2
OR
ciscotelepresence_video_communication_server_firmwareMatchx8.10.3
OR
ciscotelepresence_video_communication_server_firmwareMatchx8.10.4
OR
ciscotelepresence_video_communication_server_firmwareMatchx8.11
AND
ciscotelepresence_video_communication_serverMatch-
Node
ciscotelepresence_conductor_firmwareMatchxc4.3
OR
ciscotelepresence_conductor_firmwareMatchxc4.3.1
OR
ciscotelepresence_conductor_firmwareMatchxc4.3.2
OR
ciscotelepresence_conductor_firmwareMatchxc4.3.3
OR
ciscotelepresence_conductor_firmwareMatchxc4.3.4
AND
ciscotelepresence_conductorMatch-

CNA Affected

[
  {
    "product": "Linux Kernel",
    "vendor": "Linux",
    "versions": [
      {
        "lessThan": "4.9*",
        "status": "affected",
        "version": "4.9",
        "versionType": "custom"
      }
    ]
  }
]

References

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.783 High

EPSS

Percentile

98.3%