Vulnerability Note VU#641765
Linux kernel IP fragment re-assembly vulnerable to denial of service
The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets.
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments.
An attacker may be able to trigger a denial-of-service condition against the system.
Apply a patch
If you are unable to apply a patch, see the following mitigations:
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Arista Networks, Inc.||Affected||13 Aug 2018||15 Aug 2018|
|Check Point Software Technologies||Affected||13 Aug 2018||13 Sep 2018|
|Debian GNU/Linux||Affected||13 Aug 2018||15 Aug 2018|
|Red Hat, Inc.||Affected||13 Aug 2018||15 Aug 2018|
|SUSE Linux||Affected||13 Aug 2018||12 Sep 2018|
|Ubuntu||Affected||13 Aug 2018||15 Aug 2018|
|Broadcom||Not Affected||13 Aug 2018||11 Sep 2018|
|3com Inc||Unknown||13 Aug 2018||13 Aug 2018|
|A10 Networks||Unknown||13 Aug 2018||13 Aug 2018|
|ACCESS||Unknown||13 Aug 2018||13 Aug 2018|
|Actelis Networks||Unknown||13 Aug 2018||13 Aug 2018|
|Actiontec||Unknown||13 Aug 2018||13 Aug 2018|
|ADTRAN||Unknown||13 Aug 2018||13 Aug 2018|
|aep NETWORKS||Unknown||13 Aug 2018||13 Aug 2018|
|Aerohive||Unknown||13 Aug 2018||13 Aug 2018|
CVSS Metrics (Learn More)
Thanks to Juha-Matti Tilli (Aalto University, Department of Communications and Networking / Nokia Bell Labs) for reporting this vulnerability.
This document was written by Trent Novelly.
- CVE IDs: CVE-2018-5391
- Date Public: 14 Aug 2018
- Date First Published: 14 Aug 2018
- Date Last Updated: 14 Sep 2018
- Document Revision: 29
If you have feedback, comments, or additional information about this vulnerability, please send us email.