Threat Intelligence Report

Fusion Center Report: SegmentSmack - Linux Kernel TCP Vulnerability (English)

The Linux kernel, versions 4.9+, is vulnerable to denial-of-service conditions triggered by low rates of specially crafted packets. The issue is tracked as SegmentSmack (CVE-2018-5390).

Report from EclecticIQ Fusion Center from Tuesday 7 August 2018.

Key Findings:

  • Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet, which can lead to a denial of service.
  • A remote attacker may be able to trigger a denial-of-service condition against a system with an available open port.
  • The vulnerability does not allow remote code execution. To exploit the vulnerability, you need inbound TCP access to the server.
  • Most enterprise-grade Linux distributions do not yet use Linux kernel 4.9 or above, so they aren’t impacted. By the time they do, patches will be built in.
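
A host-side triage check for the two conditions in the key findings (a 4.9+ kernel and a listening TCP port reachable from the network). This is an added example, not part of the EclecticIQ report; the function names and the sample socket table are constructed, and the script cannot tell whether a distribution has already shipped a fix, since no fixed versions are listed here.

```shell
#!/bin/sh
# Added triage example; not part of the EclecticIQ report. Names and sample data are constructed.
# kernel_in_scope RELEASE: exit 0 if RELEASE (uname -r style) is 4.9 or later, 1 if older, 2 if unparsable.
kernel_in_scope() {
    ver=${1%%[-+~]*}                      # 4.15.0-29-generic -> 4.15.0
    case "$ver" in *.*) ;; *) return 2 ;; esac
    major=${ver%%.*}; minor=${ver#*.}; minor=${minor%%.*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 9 ]; }
}

# listening_ports [FILE...]: ports of LISTEN sockets (state 0A) in /proc/net/tcp{,6} format,
# skipping loopback-only listeners (127.0.0.0/8 and ::1 as encoded on a little-endian host).
listening_ports() {
    awk '$4 == "0A" {
        split(toupper($2), a, ":")
        if (length(a[1]) == 8 && substr(a[1], 7) == "7F") next
        if (a[1] == "00000000000000000000000001000000") next
        port = 0
        for (i = 1; i <= length(a[2]); i++)
            port = port * 16 + index("0123456789ABCDEF", substr(a[2], i, 1)) - 1
        print port
    }' "$@" | sort -nu | tr '\n' ' ' | sed 's/ $//'
}

# triage RELEASE [FILE...]: one-line verdict; the socket table is read from stdin if no FILE is given.
triage() {
    release=$1; shift
    ports=$(listening_ports "$@")
    rc=0; kernel_in_scope "$release" || rc=$?
    case "$rc" in
        0) if [ -n "$ports" ]; then echo "REVIEW kernel=$release tcp_listen=$ports"
           else echo "NO-LISTENERS kernel=$release"; fi ;;
        1) echo "OUT-OF-SCOPE kernel=$release (older than 4.9)" ;;
        *) echo "UNKNOWN kernel=$release (unparsed release string)" ;;
    esac
}

# Constructed /proc/net/tcp excerpt: 0.0.0.0:443, 127.0.0.1:3306, 0.0.0.0:22, one established flow.
sample_table() { cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:01BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002 1
   2: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20003 1
   3: 0A00000F:0016 0A000002:D431 01 00000000:00000000 00:00000000 00000000     0        0 20004 1
EOF
}
sample_table | triage "4.15.0-29-generic"
```

On a live host, run `triage "$(uname -r)" /proc/net/tcp /proc/net/tcp6`; a REVIEW result means the distribution's advisory for CVE-2018-5390 should be checked against the installed kernel package.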

About EclecticIQ

EclecticIQ develops analyst-centric products that align our clients’ cybersecurity focus with their threat reality. The result is intelligence-led security, improved detection, prevention, and response.

EclecticIQ Fusion Center

EclecticIQ Fusion Center delivers thematic intelligence bundles providing a single curated source of relevant CTI from leading suppliers all in a single contract.