Threat Intelligence Report Fusion Center Report: SegmentSmack - Linux Kernel TCP Vulnerability (English)

The Linux kernel, versions 4.9+, is vulnerable to denial-of-service conditions triggered by low rates of specially crafted packets. The issue is tracked as SegmentSmack, CVE-2018-5390.

Report from EclecticIQ Fusion Center from Tuesday 7 August 2018.

Key Findings:

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet, which can lead to a denial of service.

A remote attacker may be able to trigger a denial-of-service condition against a system with an available open port.

The vulnerability does not allow remote code execution. Exploitation requires inbound TCP access to the server.

Most enterprise-grade Linux distributions do not yet use Linux kernel 4.9 or above, so they are not impacted. By the time they do, patches will be built in.
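For hosts that do run an affected kernel, the out-of-order queue activity named in the key findings can be watched through the TcpExt counters in /proc/net/netstat. The following is an added example, not part of the EclecticIQ report: it compares two counter snapshots and flags a high pruning rate. The snapshots are constructed sample data and the 50 events/second threshold is an assumption to tune per host.

```python
"""Rate check on the TcpExt counters behind out-of-order queue pruning."""

# Counter names from /proc/net/netstat. OfoPruned is incremented in
# tcp_prune_ofo_queue(); TCPRcvCollapsed in the collapse path that
# tcp_collapse_ofo_queue() uses.
WATCHED = ("PruneCalled", "OfoPruned", "TCPRcvCollapsed", "TCPOFOQueue")

def parse_netstat(text):
    """Return {section: {counter: int}} from /proc/net/netstat-style text."""
    rows = [line.split() for line in text.splitlines() if line.strip()]
    stats = {}
    # The file is pairs of rows: counter names, then the matching values.
    for names, values in zip(rows[0::2], rows[1::2]):
        if names[0] != values[0] or len(names) != len(values):
            raise ValueError("malformed header/value pair: " + names[0])
        stats[names[0].rstrip(":")] = dict(zip(names[1:], map(int, values[1:])))
    return stats

def ofo_pressure(before, after, interval_s, prune_limit=50.0):
    """Per-second counter rates between two snapshots, plus an alert flag.

    prune_limit (OfoPruned events/second) is an assumed threshold.
    """
    old, new = parse_netstat(before)["TcpExt"], parse_netstat(after)["TcpExt"]
    # Clamp at zero so a counter reset (reboot) does not produce a negative rate.
    rates = {k: max(0, new.get(k, 0) - old.get(k, 0)) / interval_s for k in WATCHED}
    return rates, rates["OfoPruned"] >= prune_limit

# Constructed snapshots, 10 seconds apart, trimmed to a few columns.
HEADER = "TcpExt: SyncookiesSent PruneCalled OfoPruned TCPRcvCollapsed TCPOFOQueue\n"
IPEXT = "IpExt: InNoRoutes InOctets\nIpExt: 0 12345\n"
SAMPLE_T0 = HEADER + "TcpExt: 0 10 4 120 900\n" + IPEXT
SAMPLE_T1 = HEADER + "TcpExt: 0 2410 1804 96120 31900\n" + IPEXT

if __name__ == "__main__":
    rates, alert = ofo_pressure(SAMPLE_T0, SAMPLE_T1, interval_s=10)
    for name, per_s in rates.items():
        print(f"{name:16} {per_s:10.1f}/s")
    print("ALERT: sustained out-of-order queue pruning" if alert else "ok")
```

These counters also rise under ordinary packet loss or receive-memory pressure, so an alert is a prompt to correlate with CPU load and per-source traffic, not proof of an attack.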
