CVE-2018-5390 (NVD)

2018-08-06

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.

Products Advanced_core_operating_system, Ubuntu_linux, Collaboration_meeting_rooms, Digital_network_architecture_center, Expressway, Expressway_series, Meeting_management, Network_assurance_engine, Telepresence_conductor_firmware, Telepresence_video_communication_server_firmware, Threat_grid\-Cloud, Webex_hybrid_data_security, Webex_video_mesh, Debian_linux, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_domain_name_system, Big\-Ip_edge_gateway, Big\-Ip_fraud_protection_service, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_webaccelerator, Traffix_systems_signaling_delivery_controller, Aruba_airwave_amp, Aruba_clearpass_policy_manager, Linux_kernel, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization
Type Uncontrolled Resource Consumption (CWE-400)
First patch - None (likely due to unavailable code)
Patches https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e
Links https://access.redhat.com/errata/RHSA-2018:2924
https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack
https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html
https://security.netapp.com/advisory/ntap-20180815-0003/
https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf