BSA-2018-690

Brocade Fabric OS

21378

15 August 2018

15 August 2018

Closed

High

7.8

Yes

CVE-2018-5391

Summary

Security Advisory ID : BSA-2018-690

Component : Kernel

Revision : 1.0: Final


Linux kernel versions 3.9 and later are vulnerable to a denial of service attack in which low rates of specially modified packets target IP fragment reassembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments.

Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. More information at: https://www.kb.cert.org/vuls/id/641765

Affected Products
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.

Note
Brocade Manageability products are not vulnerable to CVE-2018-5390. However, since the environment that runs the products is not under Brocade's control, Brocade recommends that customers apply the recommendations from the vendors.

Workaround
Change the (default) values of net.ipv4.ipfrag_high_thresh and net.ipv4.ipfrag_low_thresh back to 256 kB and 192 kB (respectively) or below.
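
One way to check a host against this workaround, as an added example that is not part of the Brocade advisory: the script reads both thresholds, flags any value above the limits, and prints a sysctl.d fragment for remediation. It assumes the kernel reports the values in bytes and that 256 kB and 192 kB mean 262144 and 196608 bytes; the script name and function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the IPv4 fragment reassembly thresholds against the
# workaround limits in this advisory. Assumes the kernel reports bytes.
HIGH_MAX=262144   # 256 kB (assumed to mean 256 * 1024 bytes)
LOW_MAX=196608    # 192 kB (assumed to mean 192 * 1024 bytes)

# check_one DIR NAME LIMIT: 0 = within limit, 1 = above limit, 2 = unreadable
check_one() {
    file="$1/$2"
    [ -r "$file" ] || { echo "UNKNOWN $2: cannot read $file"; return 2; }
    value=$(tr -d '[:space:]' < "$file")
    case $value in
        ''|*[!0-9]*) echo "UNKNOWN $2: unexpected content"; return 2 ;;
    esac
    if [ "$value" -gt "$3" ]; then
        echo "FAIL $2=$value exceeds $3"
        return 1
    fi
    echo "OK   $2=$value"
}

# check_ipfrag [DIR]: worst result of both checks. DIR defaults to the live
# kernel tree; any directory holding the two files can be audited instead.
check_ipfrag() {
    dir=${1:-/proc/sys/net/ipv4}
    worst=0
    low_rc=0
    check_one "$dir" ipfrag_high_thresh "$HIGH_MAX" || worst=$?
    check_one "$dir" ipfrag_low_thresh "$LOW_MAX" || low_rc=$?
    if [ "$low_rc" -gt "$worst" ]; then worst=$low_rc; fi
    return "$worst"
}

# fix_conf: sysctl.d fragment that pins both values at the workaround limits
fix_conf() {
    printf 'net.ipv4.ipfrag_high_thresh = %s\n' "$HIGH_MAX"
    printf 'net.ipv4.ipfrag_low_thresh = %s\n' "$LOW_MAX"
}

# Usage: sh ipfrag_audit.sh --live   (script name is hypothetical)
# Prints the fragment whenever the audit does not pass.
case "${1:-}" in
    --live) check_ipfrag || fix_conf ;;
esac
```

The fragment printed by fix_conf can be saved under /etc/sysctl.d/ and loaded with sysctl --system so the values persist across reboots.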

Revision History

Version | Change | Date
1.0 | Initial Publication | August 15, 2018