Lucene search

K
huaweiHuawei TechnologiesHUAWEI-SA-20181031-01-LINUX
HistoryOct 31, 2018 - 12:00 a.m.

Security Advisory - SegmentSmack Vulnerability in Linux Kernel

2018-10-3100:00:00
Huawei Technologies
www.huawei.com
48

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

0.783 High

EPSS

Percentile

98.3%

There is a DoS vulnerability in the Linux Kernel versions 4.9+ known as a SegmentSmack attack. Remote attackers may send TCP packets to Linux kernel to make it calls the very expensive functions tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() of the affected device which can lead to a denial of service. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port. Thus, the attacks cannot be performed using spoofed IP addresses. (Vulnerability ID: HWPSIRT-2018-08114)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2018-5390.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-01-linux-en

Affected configurations

Vulners
Node
huaweiduke-l09MatchDuke-L09C10B187
OR
huaweiduke-l09MatchDuke-L09C432B189
OR
huaweiduke-l09MatchDuke-L09C636B189
OR
huaweiemily-al00aMatch6.0.1.3
OR
huaweiemily-al00aMatch8.1.0.105
OR
huaweiemily-al00aMatch8.1.0.105D
OR
huaweiemily-al00aMatch8.1.0.106
OR
huaweiemily-al00aMatch8.1.0.106D
OR
huaweiemily-al00aMatch8.1.0.107
OR
huaweiemily-al00aMatch8.1.0.107
OR
huaweiemily-al00aMatch8.1.0.107D
OR
huaweiemily-al00aMatch8.1.0.108
OR
huaweiemily-al00aMatch8.1.0.108
OR
huaweiemily-al00aMatch8.1.0.108D
OR
huaweiemily-al00aMatch8.1.0.109
OR
huaweiemily-al00aMatch8.1.0.112
OR
huaweiemily-al00aMatch8.1.0.123
OR
huaweiemily-al00aMatch8.1.0.132
OR
huaweiemily-al00aMatch8.1.0.150
OR
huaweiemily-al00aMatch8.1.0.152D
OR
huaweiemily-al00aMatch8.1.0.153
OR
huaweiemily-al00aMatch8.1.0.165D
OR
huaweiemily-al00aMatch8.1.0.167
OR
huaweiemily-al00aMatch8.1.0.175
OR
huaweihuawei_firmwareMatch2.1.11
OR
huaweihuawei_firmwareMatch2.1.6
OR
huaweihuawei_firmwareMatch2.2.RC3
OR
huaweihuawei_firmwareMatch2.2.RC5
OR
huaweihuawei_firmwareMatchV200R002C10
OR
huaweihuawei_firmwareMatchV200R002C20
OR
huaweihuawei_firmwareMatchV200R003C00
OR
huaweihuawei_firmwareMatchV200R003C00SPC200
OR
huaweihuawei_firmwareMatchV200R003C00SPC503
OR
huaweihuawei_firmwareMatchV200R003C00SPC509
OR
huaweihuawei_firmwareMatchV200R003C00SPC609
OR
huaweihuawei_firmwareMatchV200R005C00
OR
huaweihuawei_firmwareMatchV200R005C00SPC100
OR
huaweihuawei_firmwareMatchV200R005C00SPC200
OR
huaweihuawei_firmwareMatchV200R005C00SPC300
OR
huaweihuawei_firmwareMatchV200R005C00SPC310
OR
huaweihuawei_firmwareMatchV200R005C00SPC317
OR
huaweihuawei_firmwareMatchV200R005C00SPC318
OR
huaweihuawei_firmwareMatchV200R007C00SPC200
OR
huaweifusioncomputeMatch6.3.0
OR
huaweifusioncomputeMatch6.3.RC1
OR
huaweifusionsphere_openstackMatchV100R006C00
OR
huaweifusionsphere_openstackMatchV100R006C00RC1
OR
huaweifusionsphere_openstackMatchV100R006C00RC2
OR
huaweifusionsphere_openstackMatchV100R006C00U1
OR
huaweifusionsphere_openstackMatchV100R006C10
OR
huaweifusionsphere_openstackMatchV100R006C10RC1
OR
huaweifusionsphere_openstackMatchV100R006C10RC1B060
OR
huaweifusionsphere_openstackMatchV100R006C10RC2
OR
huaweifusionsphere_openstackMatchV100R006C10SPC002B010
OR
huaweifusionsphere_openstackMatchV100R006C10SPC100
OR
huaweifusionsphere_openstackMatchV100R006C10SPC110
OR
huaweifusionsphere_openstackMatchV100R006C10SPC200
OR
huaweifusionsphere_openstackMatchV100R006C10SPC200B030
OR
huaweifusionsphere_openstackMatchV100R006C10SPC301
OR
huaweifusionsphere_openstackMatchV100R006C10SPC500
OR
huaweifusionsphere_openstackMatchV100R006C10SPC530
OR
huaweifusionsphere_openstackMatchV100R006C10SPC600
OR
huaweifusionsphere_openstackMatchV100R006C10U10
OR
huaweifusionsphere_openstackMatchV100R006C10U20
OR
huaweifusionsphere_openstackMatchV100R006C30
OR
huaweifusionsphere_openstackMatchV100R006C30SPC100
OR
huaweilon-l29dMatchLON-L29DC721B192
OR
huaweilaya-al00epMatch9.0.0.107
OR
huaweitorontoMatchToronto-L21C10B173CUSTC10D001
OR
huaweitorontoMatchToronto-L21C432B177CUSTC432D001
OR
huaweitorontoMatchToronto-L21C569B174CUSTC569D001

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

0.783 High

EPSS

Percentile

98.3%