CVE-2018-5390

Home/CVE/Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queu

CVE

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queu

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.

HIGH · CVSS 7.5 EPSS 0.10596

Schedule remediation

EPSS ≥ 0.10 - elevated exploitation probability
EPSS percentile: top 7% of all CVEs by exploitation likelihood
CVSS base score ≥ 7.0

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-400Uncontrolled Resource Consumption

▤

Affected Products & Versions

redhat virtualizationall versions
redhat enterprise linux desktopall versions
redhat enterprise linux serverall versions
redhat enterprise linux server ausall versions
redhat enterprise linux server eusall versions
redhat enterprise linux server tusall versions
redhat enterprise linux workstationall versions
linux kernel>= 4.9 and < 4.18
Show all 38 affected productslinux kernelall versions
canonical ubuntu linuxall versions
debian linuxall versions
hp aruba airwave amp< 8.2.7.1
hp aruba clearpass policy manager>= 6.6.0 and <= 6.6.9
hp aruba clearpass policy manager>= 6.7.0 and <= 6.7.5
f5 big-ip access policy manager>= 11.5.1 and <= 11.6.3
f5 big-ip access policy manager>= 12.1.0 and <= 12.1.3
f5 big-ip access policy manager>= 13.0.0 and <= 13.1.1
f5 big-ip access policy managerall versions
f5 big-ip advanced firewall manager>= 11.5.1 and <= 11.6.3
f5 big-ip advanced firewall manager>= 12.1.0 and <= 12.1.3
f5 big-ip advanced firewall manager>= 13.0.0 and <= 13.1.1
f5 big-ip advanced firewall managerall versions
f5 big-ip analytics>= 11.5.1 and <= 11.6.3
f5 big-ip analytics>= 12.1.0 and <= 12.1.3
f5 big-ip analytics>= 13.0.0 and <= 13.1.1
f5 big-ip analyticsall versions
f5 big-ip application acceleration manager>= 11.5.1 and <= 11.6.3
f5 big-ip application acceleration manager>= 12.1.0 and <= 12.1.3
f5 big-ip application acceleration manager>= 13.0.0 and <= 13.1.1
f5 big-ip application acceleration managerall versions
f5 big-ip application security manager>= 11.5.1 and <= 11.6.3
f5 big-ip application security manager>= 12.1.0 and <= 12.1.3
f5 big-ip application security manager>= 13.0.0 and <= 13.1.1
f5 big-ip application security managerall versions
f5 big-ip domain name system>= 11.5.1 and <= 11.6.3
f5 big-ip domain name system>= 12.1.0 and <= 12.1.3
f5 big-ip domain name system>= 13.0.0 and <= 13.1.1
f5 big-ip domain name systemall versions

▣

Scoring & Timeline

7.5

HIGH · CVSS v3.1 · cret@cert.org

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD06 Aug 2018 · 08:29 PM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

⚑

Vendor Advisories

suse-csafSUSE-SU-2019:2821-1
suse-csafSUSE-SU-2019:2601-1
suse-csafSUSE-SU-2019:2230-1
suse-csafSUSE-SU-2019:14127-1
suse-csafSUSE-SU-2019:1870-1
Show all 30 vendor advisoriessuse-csafSUSE-SU-2019:1767-1
suse-csafSUSE-SU-2019:1425-1
suse-csafSUSE-SU-2019:0955-1
suse-csafSUSE-SU-2018:3789-1
suse-csafSUSE-SU-2018:3470-1
suse-csafSUSE-SU-2018:3328-1
suse-csafSUSE-SU-2018:3265-1
suse-csafSUSE-SU-2018:2344-2
suse-csafSUSE-SU-2018:3172-1
suse-csafSUSE-SU-2018:3029-1
suse-csafSUSE-SU-2018:2960-1
suse-csafSUSE-SU-2018:2961-1
suse-csafSUSE-SU-2018:2962-1
suse-csafSUSE-SU-2018:2963-1
rhsaRHSA-2018:2924Important
rhsaRHSA-2018:2933Important
suse-csafSUSE-SU-2018:2860-1
suse-csafSUSE-SU-2018:2864-1
suse-csafSUSE-SU-2018:2787-1
rhsaRHSA-2018:2948Important
usnUSN-3763-1
suse-csafSUSE-SU-2018:2596-1
cisco-csafcisco-sa-20180824-linux-tcp
suse-csafSUSE-SU-2018:2472-1
suse-csafSUSE-SU-2018:2474-1