Vulnerability Note VU#962459
TCP implementations vulnerable to Denial of Service
The Linux kernel versions 4.9+ and supported versions of FreeBSD are vulnerable to denial of service conditions with low rates of specially modified packets.
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet, which can lead to a denial of service.
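One way to watch a Linux host for the condition described above, as an added example that is not part of the original note or of any vendor's tooling: the kernel's receive-queue prune and collapse paths increment the TcpExt counters PruneCalled, OfoPruned and TCPRcvCollapsed in /proc/net/netstat, so a sustained jump in their rate is worth investigating. The sample snapshots, the function names and the 100-per-second threshold are assumptions constructed for illustration.

```python
# Added example: per-second growth of TCP prune/collapse counters between two snapshots.

# Constructed sample snapshots in /proc/net/netstat layout (not from a real host).
SAMPLE_BEFORE = """\
TcpExt: SyncookiesSent PruneCalled RcvPruned OfoPruned TCPRcvCollapsed TCPOFOQueue
TcpExt: 0 3 0 1 40 120
IpExt: InNoRoutes InOctets
IpExt: 0 998877
"""
SAMPLE_AFTER = """\
TcpExt: SyncookiesSent PruneCalled RcvPruned OfoPruned TCPRcvCollapsed TCPOFOQueue
TcpExt: 0 9003 0 4501 181040 30120
IpExt: InNoRoutes InOctets
IpExt: 0 1999877
"""

WATCHED = ("PruneCalled", "OfoPruned", "TCPRcvCollapsed")


def parse_netstat(text, section="TcpExt"):
    """Parse the header/value line pairs of /proc/net/netstat for one section."""
    rows = [ln.split() for ln in text.splitlines() if ln.startswith(section + ":")]
    counters = {}
    # Lines come in pairs: counter names first, then values in the same order.
    for names, values in zip(rows[0::2], rows[1::2]):
        if len(names) != len(values):
            raise ValueError("header/value length mismatch in " + section)
        counters.update({n: int(v) for n, v in zip(names[1:], values[1:])})
    return counters


def prune_rates(before, after, interval_s):
    """Per-second increase of each watched counter between two snapshots."""
    rates = {}
    for name in WATCHED:
        if name in before and name in after:
            # Counters can reset (for example after a reboot): treat a decrease as 0.
            rates[name] = max(after[name] - before[name], 0) / interval_s
    return rates


def alerts(rates, threshold_per_s=100.0):
    """Names of counters whose rate exceeds the threshold (an assumed value)."""
    return sorted(n for n, r in rates.items() if r > threshold_per_s)


if __name__ == "__main__":
    r = prune_rates(parse_netstat(SAMPLE_BEFORE), parse_netstat(SAMPLE_AFTER), 60)
    print(r, alerts(r))
```

On a live host, feed it two reads of /proc/net/netstat taken a known number of seconds apart and tune the threshold against that host's normal baseline.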
A remote attacker may be able to trigger a denial-of-service condition against a system with an available open port.
Apply a patch
Vendor Information
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Akamai Technologies, Inc. | Affected | 27 Jul 2018 | 08 Aug 2018 |
| Arista Networks, Inc. | Affected | 23 Jul 2018 | 07 Aug 2018 |
| Debian GNU/Linux | Affected | 23 Jul 2018 | 07 Aug 2018 |
| F5 Networks, Inc. | Affected | 23 Jul 2018 | 09 Aug 2018 |
| FreeBSD Project | Affected | 23 Jul 2018 | 08 Aug 2018 |
| Juniper Networks | Affected | 23 Jul 2018 | 07 Aug 2018 |
| SUSE Linux | Affected | 23 Jul 2018 | 07 Aug 2018 |
| Ubuntu | Affected | 23 Jul 2018 | 07 Aug 2018 |
| ADTRAN | Not Affected | 23 Jul 2018 | 09 Aug 2018 |
| ZyXEL | Not Affected | 23 Jul 2018 | 14 Aug 2018 |
| 3com Inc | Unknown | 23 Jul 2018 | 23 Jul 2018 |
| A10 Networks | Unknown | 27 Jul 2018 | 27 Jul 2018 |
| ACCESS | Unknown | 23 Jul 2018 | 23 Jul 2018 |
| Actelis Networks | Unknown | 27 Jul 2018 | 27 Jul 2018 |
| Actiontec | Unknown | 23 Jul 2018 | 23 Jul 2018 |
CVSS Metrics
Thanks to Juha-Matti Tilli (Aalto University, Department of Communications and Networking / Nokia Bell Labs) for reporting these vulnerabilities.
This document was written by Trent Novelly.
- CVE IDs: CVE-2018-5390 CVE-2018-6922
- Date Public: 23 Jul 2018
- Date First Published: 06 Aug 2018
- Date Last Updated: 15 Aug 2018
- Document Revision: 26
If you have feedback, comments, or additional information about this vulnerability, please send us email.