Bug 663014 (CVE-2018-5390) - kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack) (CVE-2018-5390)
Alias: CVE-2018-5390
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
: Normal normal
Assignee: Gentoo Kernel Security
Whiteboard: A3 [noglsa cve]
Depends on: CVE-2018-13405
Reported: 2018-08-07 11:28 UTC by GLSAMaker/CVETool Bot
Modified: 2019-08-17 15:49 UTC
Description GLSAMaker/CVETool Bot gentoo-dev 2018-08-07 11:28:27 UTC
CVE-2018-5390 (
  Linux kernel versions 4.9+ can be forced to make very expensive calls to
  tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet
  which can lead to a denial of service.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2018-08-07 11:44:08 UTC
External References:

An upstream fix is a merge commit:

consisting of the following commits:

commit 72cd43ba64fc172a443410ce01645895850844c8
commit f4a3313d8e2ca9fd8d8f45e40a2903ba782607e7
commit 3d4bf93ac12003f9b8e1e2de37fe27983deebdcf
commit 8541b21e781a22dce52a74fef0b9bed00404a1cd
commit 58152ecbbcc6a0ce7fddd5bf5f6ee535834ece0c
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2018-08-07 13:20:36 UTC
Fixes available in:

4.17: >=sys-kernel/gentoo-sources-4.17.11
4.14: >=sys-kernel/gentoo-sources-4.14.59
4.9:  >=sys-kernel/gentoo-sources-4.9.116
4.4:  Unaffected
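
An added example (not part of the bug report or of Gentoo's tooling): a POSIX shell function that classifies a kernel release string against the fixed versions listed in Comment 2. It assumes `uname -r` reports the gentoo-sources version followed by an optional suffix such as `-gentoo`; the function name `segmentsmack_status` is hypothetical, and branches the comment does not list are reported as `unknown`.

```shell
#!/bin/sh
# Added example: check a kernel release against the CVE-2018-5390 fix
# levels from Comment 2 of this bug. segmentsmack_status is a
# hypothetical helper name, not an existing tool.

# Usage: segmentsmack_status RELEASE
# Prints one of: fixed | vulnerable | unaffected | unknown
segmentsmack_status() {
    rel=${1%%[-+_]*}                 # 4.14.59-gentoo-r1 -> 4.14.59
    case "$rel" in
        *.*) ;;
        *) echo unknown; return 0 ;; # no major.minor to compare
    esac
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    if [ "$patch" = "$rest" ]; then  # "4.17" carries no patch level
        patch=0
    fi
    patch=${patch%%.*}
    # Refuse anything that is not purely numeric instead of guessing.
    for n in "$major" "$minor" "$patch"; do
        case "$n" in
            ''|*[!0-9]*) echo unknown; return 0 ;;
        esac
    done
    # First fixed patch level per branch, as listed in Comment 2.
    case "$major.$minor" in
        4.4)  echo unaffected; return 0 ;;
        4.9)  fixed=116 ;;
        4.14) fixed=59 ;;
        4.17) fixed=11 ;;
        *)    echo unknown; return 0 ;;  # branch not covered by the comment
    esac
    if [ "$patch" -ge "$fixed" ]; then
        echo fixed
    else
        echo vulnerable
    fi
}

# Classify the argument, or the running kernel when none is given.
segmentsmack_status "${1:-$(uname -r)}"
```

An `unknown` result means the comment's list gives no answer for that branch, not that the kernel is safe.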
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2018-08-07 13:24:54 UTC
Stabilization will happen in bug 663016.