Bug 663014 (CVE-2018-5390) - kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack) (CVE-2018-5390)
Summary: kernel: TCP segments with random offsets allow a remote denial of service (Se...
Status: RESOLVED FIXED
Alias: CVE-2018-5390
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Kernel Security
URL:
Whiteboard: A3 [noglsa cve]
Keywords:
Depends on: CVE-2018-13405
Blocks:
Reported: 2018-08-07 11:28 UTC by GLSAMaker/CVETool Bot
Modified: 2019-08-17 15:49 UTC

See Also:
Package list:
Runtime testing required: ---


Description GLSAMaker/CVETool Bot gentoo-dev 2018-08-07 11:28:27 UTC
CVE-2018-5390 (https://nvd.nist.gov/vuln/detail/CVE-2018-5390):
  Linux kernel versions 4.9+ can be forced to make very expensive calls to
  tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet
  which can lead to a denial of service.
Comment 1 Thomas Deutschmann gentoo-dev Security 2018-08-07 11:44:08 UTC
External References:

https://access.redhat.com/articles/3553061

https://www.kb.cert.org/vuls/id/962459

https://www.spinics.net/lists/netdev/msg514742.html

An upstream fix is a merge commit:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e

consisting of the following commits:

commit 72cd43ba64fc172a443410ce01645895850844c8
commit f4a3313d8e2ca9fd8d8f45e40a2903ba782607e7
commit 3d4bf93ac12003f9b8e1e2de37fe27983deebdcf
commit 8541b21e781a22dce52a74fef0b9bed00404a1cd
commit 58152ecbbcc6a0ce7fddd5bf5f6ee535834ece0c
Comment 2 Thomas Deutschmann gentoo-dev Security 2018-08-07 13:20:36 UTC
Fixes available in:

4.17: >=sys-kernel/gentoo-sources-4.17.11
4.14: >=sys-kernel/gentoo-sources-4.14.59
4.9:  >=sys-kernel/gentoo-sources-4.9.116
4.4:  Unaffected
Comment 3 Thomas Deutschmann gentoo-dev Security 2018-08-07 13:24:54 UTC
Stabilization will happen in bug 663016.