kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack)

🗓️ 14 Aug 2018 20:23:19Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 1 Views

SegmentSmack flaw in the Linux kernel causes CPU saturation via crafted TCP packets during ongoing sessions.

Reporter	Title	Published	Views	Family All 331
IBM Security Bulletins	Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal's dependencies - Cumulative list from June 28, 2018 to December 13, 2018	28 Jan 201917:05	–	ibm
IBM Security Bulletins	Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801q	10 Oct 201821:05	–	ibm
IBM Security Bulletins	Security Bulletin: This Power System update is being released to address CVE-2018-5390	7 Dec 202119:14	–	ibm
IBM Security Bulletins	Security Bulletin: IBM API Connect is affected by multiple third-party vulnerabilities (Node.js, nghttp2, Linux, Intel CPU, Android)	31 Oct 201820:10	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities	3 Dec 201814:30	–	ibm
Akamai Blog	Linux Kernel TCP Vulnerability	6 Aug 201816:15	–	akamaiblog
Tenable Nessus	Amazon Linux 2 : kernel (ALAS-2018-1050)	7 Aug 201800:00	–	nessus
Tenable Nessus	Amazon Linux AMI : kernel (ALAS-2018-1049)	7 Aug 201800:00	–	nessus
Tenable Nessus	Arista Networks CloudVision Portal DoS (SA0036)	9 Jul 202000:00	–	nessus
Tenable Nessus	Arista Networks EOS/vEOS SegmentSmack TCP DoS (SA0036)	17 Feb 202000:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	7	x86_64	kernel-rt	0:3.10.0-862.11.6.rt56.819.el7	kernel-rt-0:3.10.0-862.11.6.rt56.819.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	kernel-rt-debug	0:3.10.0-862.11.6.rt56.819.el7	kernel-rt-debug-0:3.10.0-862.11.6.rt56.819.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	kernel-rt-debug-debuginfo	0:3.10.0-862.11.6.rt56.819.el7	kernel-rt-debug-debuginfo-0:3.10.0-862.11.6.rt56.819.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	kernel-rt-debug-devel	0:3.10.0-862.11.6.rt56.819.el7	kernel-rt-debug-devel-0:3.10.0-862.11.6.rt56.819.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	kernel-rt-debug-kvm	0:3.10.0-862.11.6.rt56.819.el7	kernel-rt-debug-kvm-0:3.10.0-862.11.6.rt56.819.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	kernel-rt-debug-kvm-debuginfo	0:3.10.0-862.11.6.rt56.819.el7	kernel-rt-debug-kvm-debuginfo-0:3.10.0-862.11.6.rt56.819.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	kernel-rt-debuginfo	0:3.10.0-862.11.6.rt56.819.el7	kernel-rt-debuginfo-0:3.10.0-862.11.6.rt56.819.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	kernel-rt-debuginfo-common-x86_64	0:3.10.0-862.11.6.rt56.819.el7	kernel-rt-debuginfo-common-x86_64-0:3.10.0-862.11.6.rt56.819.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	kernel-rt-devel	0:3.10.0-862.11.6.rt56.819.el7	kernel-rt-devel-0:3.10.0-862.11.6.rt56.819.el7.x86_64.rpm
Red Hat Enterprise Linux	7	any	kernel-rt-doc	0:3.10.0-862.11.6.rt56.819.el7.noarch	kernel-rt-doc-0:3.10.0-862.11.6.rt56.819.el7.noarch.noarch.rpm

Source	Link
access	www.access.redhat.com/articles/3553061
access	www.access.redhat.com/security/cve/CVE-2018-5390
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2018-5390
cve	www.cve.org/CVERecord
kb	www.kb.cert.org/vuls/id/962459
spinics	www.spinics.net/lists/netdev/msg514742.html

29 May 2026 21:24Current

7.1High risk

Vulners AI Score7.1

CVSS 3.17.5

CVSS 27.8

EPSS0.10596

segment smack linux kernel transmission control packets denial of service processor saturation