BSA-2018-696

Brocade Fabric OS

21633

22 August 2018

22 August 2018

Closed

High

7.1

Yes

CVE-2018-6922

Summary

Security Advisory ID : BSA-2018-696

Component : Kernel

Revision : 1.0: Final


A TCP data structure in supported versions of FreeBSD (11, 11.1, 11.2, 10, and 10.4) uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in the reassembly queue.

Impact
An attacker who has the ability to send TCP traffic to a victim system can degrade the victim system's network performance and/or consume excessive CPU by exploiting the inefficiency of TCP reassembly handling, with relatively small bandwidth cost. More information at: https://www.kb.cert.org/vuls/id/962459

Workaround
As a workaround, system administrators should configure their systems to only accept TCP connections from trusted end-stations, if it is possible to do so.
For systems which must accept TCP connections from untrusted end-stations, the workaround is to limit the size of each reassembly queue. The capability to do that is added by the patches noted in the "Solution" section below.
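
The effect of limiting each reassembly queue can be seen in a small model. The following is an added example, not FreeBSD or Broadcom code: the sorted linked list, the names reass_insert, simulate and max_len, and the constructed segment sequence are assumptions chosen for illustration. It counts list nodes visited as a stand-in for CPU time spent per segment.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of one connection's reassembly queue: a singly linked
 * list kept sorted by sequence number. Illustrative only, not FreeBSD code. */
struct seg { uint32_t seq; struct seg *next; };
struct reass_queue {
    struct seg *head;
    unsigned len;         /* segments currently queued */
    unsigned max_len;     /* hypothetical per-queue cap; 0 means unlimited */
    unsigned long steps;  /* list nodes visited so far (CPU cost proxy) */
};

/* Queue one out-of-order segment. Returns 1 if queued, 0 if dropped. */
int reass_insert(struct reass_queue *q, uint32_t seq)
{
    if (q->max_len != 0 && q->len >= q->max_len)
        return 0;                 /* cap reached: drop, the peer retransmits */
    struct seg **pp = &q->head;
    while (*pp != NULL && (int32_t)((*pp)->seq - seq) < 0) {
        pp = &(*pp)->next;        /* linear walk: cost grows with q->len */
        q->steps++;
    }
    struct seg *s = malloc(sizeof(*s));
    if (s == NULL)
        return 0;
    s->seq = seq; s->next = *pp; *pp = s;
    q->len++;
    return 1;
}

/* Feed n constructed segments that never become contiguous, so none can be
 * delivered and the queue only grows. Returns the total nodes visited. */
unsigned long simulate(unsigned n, unsigned max_len)
{
    struct reass_queue q = { NULL, 0, max_len, 0 };
    for (unsigned i = 0; i < n; i++)
        reass_insert(&q, 1000u + i * 2000u);
    while (q.head != NULL) { struct seg *t = q.head; q.head = t->next; free(t); }
    return q.steps;
}

int main(void)
{
    printf("no cap:  %lu nodes visited\n", simulate(1000, 0));
    printf("cap 100: %lu nodes visited\n", simulate(1000, 100));
    return 0;
}
```

With the cap in place, the work for any single segment is bounded by max_len regardless of how many segments arrive.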

Affected Products
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.

Revision History

Version    Change                 Date
1.0        Initial Publication    August 22, 2018