BSA-2018-690
21378
15 August 2018
15 August 2018
Closed
High
7.8
Yes
CVE-2018-5391
Summary
Security Advisory ID : BSA-2018-690
Component : Kernel
Revision : 1.0: Final
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments.
Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. More information at: https://www.kb.cert.org/vuls/id/641765
Affected Products
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.
Workaround
Change the (default) values of net.ipv4.ipfrag_high_thresh and net.ipv4.ipfrag_low_thresh back to 256 kB and 192 kB (respectively) or below.
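One way to audit and apply this workaround, as an added example that is not part of the Broadcom advisory. The function names and the FRAG_DIR override are assumptions of this example; the limits are the advisory's 256 kB and 192 kB expressed in bytes, which is the unit these sysctls use.

```shell
#!/bin/sh
# Added example (not from the advisory): audit and apply the workaround.
# The two sysctls are byte counts: 256 kB = 262144, 192 kB = 196608.
HIGH_MAX=262144
LOW_MAX=196608

# FRAG_DIR is an assumption of this example: it lets the functions run
# against a constructed directory instead of the live /proc tree.
FRAG_DIR="${FRAG_DIR:-/proc/sys/net/ipv4}"

# Report each threshold above the advisory's limit; return 1 if any is.
check_frag_thresh() {
    rc=0
    high=$(cat "$FRAG_DIR/ipfrag_high_thresh") || return 2
    low=$(cat "$FRAG_DIR/ipfrag_low_thresh") || return 2
    if [ "$high" -gt "$HIGH_MAX" ]; then
        echo "ipfrag_high_thresh=$high exceeds $HIGH_MAX"; rc=1
    fi
    if [ "$low" -gt "$LOW_MAX" ]; then
        echo "ipfrag_low_thresh=$low exceeds $LOW_MAX"; rc=1
    fi
    return $rc
}

# Lower only the values that exceed the limits; values already below are
# left alone ("or below"). low_thresh is written first because kernels
# that bound high_thresh from below by low_thresh reject the reverse order.
apply_frag_thresh() {
    low=$(cat "$FRAG_DIR/ipfrag_low_thresh") || return 2
    if [ "$low" -gt "$LOW_MAX" ]; then
        echo "$LOW_MAX" > "$FRAG_DIR/ipfrag_low_thresh" || return 2
    fi
    high=$(cat "$FRAG_DIR/ipfrag_high_thresh") || return 2
    if [ "$high" -gt "$HIGH_MAX" ]; then
        echo "$HIGH_MAX" > "$FRAG_DIR/ipfrag_high_thresh" || return 2
    fi
}

# Usage: script check | script apply (apply needs root on a live system).
case "${1:-}" in
    check) check_frag_thresh ;;
    apply) apply_frag_thresh && check_frag_thresh ;;
esac
```

Values written this way last until reboot; to keep them, set the same two keys in a file under /etc/sysctl.d/.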
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | August 15, 2018 |