Overview
The Linux kernel (versions 4.9 and later) and supported versions of FreeBSD can be driven into a denial-of-service condition by low rates of specially modified packets.
Description
CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') - CVE-2018-5390
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet, which can lead to a denial of service.
CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') - CVE-2018-6922
A TCP data structure in supported versions of FreeBSD (11, 11.1, 11.2, 10, and 10.4) uses an inefficient algorithm to reassemble incoming data.
For both vulnerabilities, an attacker can induce a denial of service condition by sending specially modified packets within ongoing TCP sessions. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port. Thus, the attacks cannot be performed using spoofed IP addresses.
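Because the expensive work happens in the kernel's out-of-order queue handling, a defender can watch the kernel's own out-of-order counters for abnormal growth. The script below is an added example (not CERT/CC's or the kernel project's code) that parses two snapshots of the TcpExt group from /proc/net/netstat, computes the per-second growth of the out-of-order counters (OfoPruned, TCPOFOQueue, TCPOFODrop, TCPOFOMerge, which are the kernel's real counter names), and flags sustained pruning. The two snapshots are constructed for the example, and the alert thresholds are illustrative assumptions rather than published values. Since the advisory notes that the offending sessions must be genuine two-way TCP connections, a flagged host can follow up by inspecting its connection table for the peers involved.

```python
"""Flag abnormal TCP out-of-order (OFO) queue pruning from /proc/net/netstat.

Two snapshots of the TcpExt counter group are parsed and the per-second
growth of the OFO-related counters is compared against a baseline. The
constructed samples mimic the real two-line layout of /proc/net/netstat
(a line of counter names, then a line of values).
"""

# Constructed snapshots, 10 seconds apart. Counter names are the real ones
# exported by the kernel; the values are made up for this example.
SAMPLE_BEFORE = """\
TcpExt: SyncookiesSent SyncookiesRecv OfoPruned TCPOFOQueue TCPOFODrop TCPOFOMerge
TcpExt: 0 0 12 4021 3 88
IpExt: InNoRoutes InTruncatedPkts
IpExt: 0 0
"""
SAMPLE_AFTER = """\
TcpExt: SyncookiesSent SyncookiesRecv OfoPruned TCPOFOQueue TCPOFODrop TCPOFOMerge
TcpExt: 0 0 9512 187331 3 90
IpExt: InNoRoutes InTruncatedPkts
IpExt: 0 0
"""

# Counters maintained by the out-of-order queue code paths named in the advisory.
OFO_COUNTERS = ("OfoPruned", "TCPOFOQueue", "TCPOFODrop", "TCPOFOMerge")


def parse_netstat(text):
    """Return {group: {counter: value}} from /proc/net/netstat-style text.

    Each group ("TcpExt", "IpExt", ...) is a pair of lines: the first carries
    the counter names, the second the matching integer values.
    """
    groups, pending = {}, {}
    for line in text.splitlines():
        group, sep, rest = line.partition(":")
        fields = rest.split()
        if not sep or not fields:
            continue
        if group not in pending:
            pending[group] = fields          # first line of the pair: names
            continue
        names = pending.pop(group)           # second line of the pair: values
        if len(names) != len(fields):
            raise ValueError(f"column count mismatch in group {group}")
        groups[group] = dict(zip(names, map(int, fields)))
    return groups


def ofo_rates(before, after, interval_s):
    """Per-second growth of each OFO counter between two snapshots."""
    b = parse_netstat(before)["TcpExt"]
    a = parse_netstat(after)["TcpExt"]
    return {c: (a.get(c, 0) - b.get(c, 0)) / interval_s for c in OFO_COUNTERS}


def assess(rates, prune_per_s=10.0, queue_per_s=5000.0):
    """Classify the rates as (suspicious, reason).

    The thresholds are illustrative assumptions for this example, not kernel
    or CERT-published values; derive real ones from the host's own baseline.
    OfoPruned normally stays near zero because pruning only runs under
    receive-buffer memory pressure, so sustained growth is the telling signal.
    """
    if rates["OfoPruned"] > prune_per_s:
        return True, f"OfoPruned growing at {rates['OfoPruned']:.0f}/s"
    if rates["TCPOFOQueue"] > queue_per_s:
        return True, f"TCPOFOQueue growing at {rates['TCPOFOQueue']:.0f}/s"
    return False, "out-of-order queue activity within baseline"


def read_proc_netstat(path="/proc/net/netstat"):
    """Read a live snapshot; returns None when the file is unavailable."""
    try:
        with open(path) as fh:
            return fh.read()
    except OSError:
        return None


if __name__ == "__main__":
    flagged, reason = assess(ofo_rates(SAMPLE_BEFORE, SAMPLE_AFTER, 10.0))
    print("constructed sample:", "SUSPICIOUS" if flagged else "ok", "-", reason)
```

To use it on a live host, call read_proc_netstat() twice with a sleep in between and pass the two strings to ofo_rates() with the elapsed seconds; the parser keys on counter names, so the extra columns present on a real kernel are ignored.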
Impact
A remote attacker may be able to trigger a denial-of-service condition against a system with an available open port.
Solution
Apply a patch
Patches for the Linux kernel are available to address the vulnerability.
Patches for FreeBSD are available to address the vulnerability.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 7.1 | AV:N/AC:M/Au:N/C:N/I:N/A:C |
| Temporal | 6.4 | E:POC/RL:ND/RC:C |
| Environmental | 6.4 | CDP:ND/TD:H/CR:ND/IR:ND/AR:ND |
Acknowledgements
Thanks to Juha-Matti Tilli (Aalto University, Department of Communications and Networking / Nokia Bell Labs) for reporting these vulnerabilities.
This document was written by Trent Novelly.
Other Information
| Field | Value |
|---|---|
| CVE IDs | CVE-2018-5390, CVE-2018-6922 |
| Date Public | 2018-07-23 |
| Date First Published | 2018-08-06 |
| Date Last Updated | 2018-09-14 19:29 UTC |
| Document Revision | 31 |