ID: CVE-2018-5391 (NVD)

- Vulnerability Info
2018-09-06

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.

Products: Ubuntu_linux, Debian_linux, Linux_kernel, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation
Type: Improper Input Validation (CWE-20)
First patch: None (likely due to unavailable code)
Patches: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=c30f1fc041b74ecdb072dd44f858750414b8b19f
Links:
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt
https://access.redhat.com/errata/RHSA-2018:3083
https://access.redhat.com/errata/RHSA-2018:3590
https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
https://access.redhat.com/errata/RHSA-2018:2785
Annotation

Note:

No patch was assigned yet.