Vulnerability Description
Linux kernel versions 4.9 and later can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet, which can lead to a denial of service. The attacker needs an established TCP session with the target, so any service with an open TCP port is a potential entry point; no authentication is required.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Virtualization | 4.0 |
| Redhat | Enterprise Linux Desktop | 7.0 |
| Redhat | Enterprise Linux Server | 7.0 |
| Redhat | Enterprise Linux Server Aus | 6.4 |
| Redhat | Enterprise Linux Server Eus | 6.4 |
| Redhat | Enterprise Linux Server Tus | 6.6 |
| Redhat | Enterprise Linux Workstation | 7.0 |
| Linux | Linux Kernel | >= 4.9, < 4.18 |
| Canonical | Ubuntu Linux | 12.04 |
| Debian | Debian Linux | 8.0 |
| Hp | Aruba Airwave Amp | < 8.2.7.1 |
| Hp | Aruba Clearpass Policy Manager | >= 6.6.0, <= 6.6.9 |
| F5 | Big-Ip Access Policy Manager | >= 11.5.1, <= 11.6.3 |
| F5 | Big-Ip Advanced Firewall Manager | >= 11.5.1, <= 11.6.3 |
| F5 | Big-Ip Analytics | >= 11.5.1, <= 11.6.3 |
| F5 | Big-Ip Application Acceleration Manager | >= 11.5.1, <= 11.6.3 |
| F5 | Big-Ip Application Security Manager | >= 11.5.1, <= 11.6.3 |
| F5 | Big-Ip Domain Name System | >= 11.5.1, <= 11.6.3 |
| F5 | Big-Ip Edge Gateway | >= 11.5.1, <= 11.6.3 |
| F5 | Big-Ip Fraud Protection Service | >= 11.5.1, <= 11.6.3 |
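A first triage check against the mainline range given in the table above (>= 4.9, < 4.18), as an added POSIX shell example. This is not code from the advisory or any vendor; the helper names are ours and the affected range is taken from the table. Note that the table also lists Red Hat Enterprise Linux 7, whose kernel reports itself as 3.10, so a version comparison alone can give a false negative on distribution kernels that carry backported TCP code; the RPM changelog check at the end is one way to confirm on RHEL-family systems.

```shell
#!/bin/sh
# Added example (not from the advisory): triage a kernel version string
# against the mainline affected range listed above: 4.9 <= version < 4.18.

# Print "major minor" for a version string such as "4.14.0-1234.el7.x86_64".
# Everything from the first character that is not a digit or a dot is dropped.
kver_major_minor() {
    v=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
    maj=${v%%.*}
    case "$v" in
        *.*) rest=${v#*.}; min=${rest%%.*} ;;
        *)   min=0 ;;
    esac
    printf '%s %s\n' "${maj:-0}" "${min:-0}"
}

# Return 0 (true) when the version falls inside the mainline range the
# table gives for the Linux kernel, 1 otherwise. Major.minor only.
kver_in_affected_range() {
    set -- $(kver_major_minor "$1")
    maj=$1
    min=$2
    [ "$maj" -eq 4 ] && [ "$min" -ge 9 ] && [ "$min" -lt 18 ]
}

# Check the running kernel and, on RPM-based systems, look for the CVE id
# in the kernel package changelog (Red Hat names fixed CVEs there).
report_running_kernel() {
    ver=$(uname -r)
    if kver_in_affected_range "$ver"; then
        echo "kernel $ver is inside the mainline range listed for CVE-2018-5390"
    else
        echo "kernel $ver is outside the mainline range (>= 4.9, < 4.18)"
        echo "distribution kernels such as RHEL 7's 3.10 are still listed as affected"
    fi
    if command -v rpm >/dev/null 2>&1; then
        if rpm -q --changelog "kernel-$ver" 2>/dev/null | grep -q 'CVE-2018-5390'; then
            echo "kernel-$ver changelog references CVE-2018-5390: fix appears backported"
        else
            echo "no CVE-2018-5390 entry in kernel-$ver changelog; check the vendor errata"
        fi
    fi
}

# Run the report when executed directly.
[ "${0##*/}" = "sh" ] || report_running_kernel
```

Treat the version test as a filter, not a verdict: a kernel outside the range can still be affected (RHEL 7), and one inside it can already carry the stable backport. The vendor advisories in the references are authoritative.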
Related Weaknesses (CWE)
References
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt (Third Party Advisory)
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-e (Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2019/06/28/2 (Mailing List, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2019/07/06/3 (Mailing List, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2019/07/06/4 (Mailing List, Third Party Advisory)
- http://www.securityfocus.com/bid/104976 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1041424 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1041434 (Third Party Advisory, VDB Entry)
- https://access.redhat.com/errata/RHSA-2018:2384 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:2395 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:2402 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:2403 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:2645 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:2776 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:2785 (Third Party Advisory)
FAQ
What is CVE-2018-5390?
CVE-2018-5390 is a denial-of-service vulnerability in the Linux kernel TCP stack with a CVSS base score of 7.5 (HIGH). Kernel versions 4.9 and later can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet within an established TCP session, which can exhaust CPU and lead to a denial of service.
How severe is CVE-2018-5390?
CVE-2018-5390 has been rated HIGH with a CVSS base score of 7.5/10. Only the base score and rating are recorded on this page; the vendor advisories in the references give the full metric breakdown.
Is there a patch for CVE-2018-5390?
Yes. Check the references section above for vendor advisories and patch information; the Red Hat errata listed there (RHSA-2018:2384 and following) cover the Red Hat products. Affected products include: Redhat Virtualization, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus, Redhat Enterprise Linux Server Eus, the mainline Linux kernel (>= 4.9, < 4.18), and the Canonical, Debian, HP Aruba and F5 products listed in the table.