CVE-2018-5390 – SegmentSmack: Linux Kernel Denial of Service Attack Vulnerability

Recently, the Linux kernel was exposed to a Denial of Service Attack Vulnerability (CVE-2018-5390) SegmentSmack. A remote attacker could exploit this vulnerability to trigger tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() function calls by sending specially modified packets in an ongoing TCP session, which consumes a lot of time and computation, which can cause CPU saturation, which can result in system Denial of service.

Maintaining this denial of service condition requires a continuous two-way TCP session to reach the reachable open port, so the attack cannot be performed using the spoofed IP address.

Affected version

The official version of Red Hat released is as follows:

• Red Hat Enterprise MRG 2 Kernel-rt Package
• Red Hat Enterprise Linux 7 Kernel-alt Package
• Red Hat Enterprise Linux 7 Kernel Package
• Red Hat Enterprise Linux 7 Kernel-rt Package
• Red Hat Enterprise Linux 6 Kernel Package
• Red Hat Enterprise Linux 5 Kernel Package

Solution

The RedHat official is already preparing the relevant updates for the above vulnerabilities and will be released as soon as possible after completion. Please keep the user concerned and upgrade in time for protection. The remaining vendors are advised to pay attention to the relevant notices.

Read more info here

• https://access.redhat.com/security/cve/cve-2018-5390
• https://access.redhat.com/articles/3553061