Fusion Center Report: SegmentSmack - Linux Kernel TCP Vulnerability
The Linux kernel, versions 4.9+, is vulnerable to denial of service conditions with low rates of specially crafted packets. This is being tracked as SegmentSmack; the CVE is CVE-2018-5390.
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet, which can lead to a denial of service.
A remote attacker may be able to trigger a denial-of-service condition against a system with an available open port.
The vulnerability does not allow remote code execution. To exploit the vulnerability, you need inbound TCP access to the server.
Most enterprise-grade Linux distributions do not yet use Linux kernel 4.9 or above, so they aren't impacted. By the time they do, patches will be built in.
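One way to watch a host for the condition described above is to track the kernel's out-of-order queue counters. The following Python code is an added example, not part of the EclecticIQ report: it diffs two snapshots of the TcpExt counters in /proc/net/netstat, using constructed sample snapshots and an assumed alert threshold of 50 events per second that should be tuned per host.

```python
import os
import time

# TcpExt counters in /proc/net/netstat: OfoPruned is incremented in
# tcp_prune_ofo_queue(); TCPRcvCollapsed by the collapse path that
# tcp_collapse_ofo_queue() drives; TCPOFOQueue counts segments queued out of order.
WATCHED = ("OfoPruned", "TCPRcvCollapsed", "TCPOFOQueue")

# Constructed snapshots (not captured from a real host), taken 10 s apart.
HEADER = "TcpExt: PruneCalled OfoPruned TCPRcvCollapsed TCPOFOQueue\n"
SAMPLE_T0 = HEADER + "TcpExt: 2 0 10 400\nIpExt: InOctets\nIpExt: 123456\n"
SAMPLE_T1 = HEADER + "TcpExt: 900 850 9010 61400\nIpExt: InOctets\nIpExt: 999999\n"


def parse_tcpext(text):
    """Return {counter: value} from the TcpExt header line and value line."""
    rows = [line.split() for line in text.splitlines() if line.startswith("TcpExt:")]
    if len(rows) != 2 or len(rows[0]) != len(rows[1]):
        raise ValueError("expected a TcpExt header line and a matching value line")
    return dict(zip(rows[0][1:], map(int, rows[1][1:])))


def ofo_pressure(before, after, seconds, threshold=50.0):
    """Per-second rates for WATCHED counters; threshold is an assumed value."""
    old, new = parse_tcpext(before), parse_tcpext(after)
    rates = {}
    for name in WATCHED:
        if name in old and name in new:  # skip counters this kernel lacks
            delta = new[name] - old[name]
            if delta < 0:  # counters were reset between snapshots
                delta = new[name]
            rates[name] = delta / seconds
    flagged = any(rates.get(n, 0.0) >= threshold
                  for n in ("OfoPruned", "TCPRcvCollapsed"))
    return rates, flagged


def read_netstat(path="/proc/net/netstat"):
    with open(path) as fh:
        return fh.read()


if __name__ == "__main__":
    if os.path.exists("/proc/net/netstat"):
        first = read_netstat(); time.sleep(10); second = read_netstat()
    else:  # not on Linux: fall back to the constructed snapshots
        first, second = SAMPLE_T0, SAMPLE_T1
    rates, flagged = ofo_pressure(first, second, 10)
    print(rates, "ALERT: sustained OFO pruning/collapsing" if flagged else "ok")
```

A sustained high rate on these counters is a signal to investigate, not proof of SegmentSmack traffic, since lossy links also cause out-of-order queueing.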
About EclecticIQ
EclecticIQ develops analyst-centric products that align our clients’ cybersecurity focus with their threat reality. The result is intelligence-led security, improved detection, prevention, and response.
EclecticIQ Fusion Center
EclecticIQ Fusion Center delivers thematic intelligence bundles providing a single curated source of relevant CTI from leading suppliers all in a single contract.