Veracode Vulnerability DatabaseVERACODE:13130Denial Of Service (DoS)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
Linux kernel is vulnerable to denial of service. A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending malicious packets within ongoing TCP sessions that could lead to a CPU saturation and consequently a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses.
References
www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt
www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en
www.openwall.com/lists/oss-security/2019/06/28/2
www.openwall.com/lists/oss-security/2019/07/06/3
www.openwall.com/lists/oss-security/2019/07/06/4
www.securityfocus.com/bid/104976
www.securitytracker.com/id/1041424
www.securitytracker.com/id/1041434
access.redhat.com/errata/RHSA-2018:2384
access.redhat.com/errata/RHSA-2018:2395
access.redhat.com/errata/RHSA-2018:2402
access.redhat.com/errata/RHSA-2018:2403
access.redhat.com/errata/RHSA-2018:2645
access.redhat.com/errata/RHSA-2018:2776
access.redhat.com/errata/RHSA-2018:2785
access.redhat.com/errata/RHSA-2018:2789
access.redhat.com/errata/RHSA-2018:2790
access.redhat.com/errata/RHSA-2018:2791
access.redhat.com/errata/RHSA-2018:2924
access.redhat.com/errata/RHSA-2018:2933
access.redhat.com/errata/RHSA-2018:2948
access.redhat.com/security/cve/cve-2018-5390
access.redhat.com/security/updates/classification/#important
cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf
git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e
help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
lists.debian.org/debian-lts-announce/2018/08/msg00014.html
security.netapp.com/advisory/ntap-20180815-0003/
support.f5.com/csp/article/K95343321
support.f5.com/csp/article/K95343321?utm_source=f5support&utm_medium=RSS
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcp
usn.ubuntu.com/3732-1/
usn.ubuntu.com/3732-2/
usn.ubuntu.com/3741-1/
usn.ubuntu.com/3741-2/
usn.ubuntu.com/3742-1/
usn.ubuntu.com/3742-2/
usn.ubuntu.com/3763-1/
www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack
www.debian.org/security/2018/dsa-4266
www.kb.cert.org/vuls/id/962459
www.oracle.com/security-alerts/cpujul2020.html
www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
www.synology.com/support/security/Synology_SA_18_41
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C