CVE-2018-5391

HIGH

Description

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.

References

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt

http://www.openwall.com/lists/oss-security/2019/06/28/2

http://www.openwall.com/lists/oss-security/2019/07/06/3

http://www.openwall.com/lists/oss-security/2019/07/06/4

http://www.securityfocus.com/bid/105108

http://www.securitytracker.com/id/1041476

http://www.securitytracker.com/id/1041637

https://access.redhat.com/errata/RHSA-2018:2785

https://access.redhat.com/errata/RHSA-2018:2791

https://access.redhat.com/errata/RHSA-2018:2846

https://access.redhat.com/errata/RHSA-2018:2924

https://access.redhat.com/errata/RHSA-2018:2925

https://access.redhat.com/errata/RHSA-2018:2933

https://access.redhat.com/errata/RHSA-2018:2948

https://access.redhat.com/errata/RHSA-2018:3083

https://access.redhat.com/errata/RHSA-2018:3096

https://access.redhat.com/errata/RHSA-2018:3459

https://access.redhat.com/errata/RHSA-2018:3540

https://access.redhat.com/errata/RHSA-2018:3586

https://access.redhat.com/errata/RHSA-2018:3590

https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=c30f1fc041b74ecdb072dd44f858750414b8b19f

https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html

https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html

https://security.netapp.com/advisory/ntap-20181003-0002/

https://support.f5.com/csp/article/K74374841?utm_source=f5support&utm_medium=RSS

https://usn.ubuntu.com/3740-1/

https://usn.ubuntu.com/3740-2/

https://usn.ubuntu.com/3741-1/

https://usn.ubuntu.com/3741-2/

https://usn.ubuntu.com/3742-1/

https://usn.ubuntu.com/3742-2/

https://www.debian.org/security/2018/dsa-4272

https://www.kb.cert.org/vuls/id/641765

Details

Source: MITRE

Published: 2018-09-06

Updated: 2019-03-21

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from 3.9 to 4.18 (inclusive)

Configuration 2

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 138338 | Arista Networks Networks CloudVision Portal IP fragment DoS (SA0037) | Nessus | Misc. | high |
| 133862 | Arista Networks EOS/vEOS IP fragment DoS (SA0037) | Nessus | Misc. | high |
| 127408 | NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0143) | Nessus | NewStart CGSL Local Security Checks | critical |
| 127233 | NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0049) | Nessus | NewStart CGSL Local Security Checks | high |
| 127222 | NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0044) | Nessus | NewStart CGSL Local Security Checks | high |
| 126031 | Slackware 14.2 / current : kernel (SSA:2019-169-01) (SACK Panic) (SACK Slowness) | Nessus | Slackware Local Security Checks | high |
| 125484 | F5 Networks BIG-IP : Linux kernel vulnerability (K74374841) | Nessus | F5 Networks Local Security Checks | high |
| 125283 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1289-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | SuSE Local Security Checks | high |
| 124834 | EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1512) | Nessus | Huawei Local Security Checks | high |
| 124828 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1505) | Nessus | Huawei Local Security Checks | critical |
| 123854 | EulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1168) | Nessus | Huawei Local Security Checks | high |
| 123515 | Cisco IOS XE Software Linux Kernel IP Fragment DoS (cisco-sa-20180824-linux-ip-fragment) | Nessus | CISCO | high |
| 123415 | Cisco Application Policy Infrastructure Controller Linux Kernel IP Fragment Reassembly DoS | Nessus | CISCO | high |
| 123269 | openSUSE Security Update : the Linux Kernel (openSUSE-2019-618) (Foreshadow) | Nessus | SuSE Local Security Checks | medium |
| 123000 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0672-1) | Nessus | SuSE Local Security Checks | medium |
| 122969 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0645-1) | Nessus | SuSE Local Security Checks | medium |
| 122879 | Debian DLA-1715-1 : linux-4.9 security update (Spectre) | Nessus | Debian Local Security Checks | high |
| 122699 | EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1076) | Nessus | Huawei Local Security Checks | medium |
| 122609 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:0541-1) | Nessus | SuSE Local Security Checks | high |
| 122578 | openSUSE Security Update : the Linux Kernel (openSUSE-2019-274) | Nessus | SuSE Local Security Checks | medium |
| 122259 | Palo Alto Networks PAN-OS 6.1.x < 6.1.22 / 7.1.x < 7.1.20 / 8.0.x < 8.0.13 / 8.1.x < 8.1.5 Multiple Vulnerabilities (PAN-SA-2018-0012) | Nessus | Palo Alto Local Security Checks | high |
| 122007 | Photon OS 2.0: Linux PHSA-2018-2.0-0109 | Nessus | PhotonOS Local Security Checks | high |
| 121098 | Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2018-075) | Nessus | Virtuozzo Local Security Checks | high |
| 121068 | Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917) | Nessus | Junos Local Security Checks | high |
| 120082 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2018:2380-1) (Foreshadow) | Nessus | SuSE Local Security Checks | medium |
| 119187 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20181030) | Nessus | Scientific Linux Local Security Checks | high |
| 119112 | RHEL 6 : MRG (RHSA-2018:3586) | Nessus | Red Hat Local Security Checks | high |
| 119036 | SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3792-1) | Nessus | SuSE Local Security Checks | high |
| 119033 | SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3787-1) | Nessus | SuSE Local Security Checks | high |
| 118990 | CentOS 7 : kernel (CESA-2018:3083) | Nessus | CentOS Local Security Checks | high |
| 118947 | RHEL 7 : kernel (RHSA-2018:3590) | Nessus | Red Hat Local Security Checks | high |
| 118946 | RHEL 7 : kernel (RHSA-2018:3540) | Nessus | Red Hat Local Security Checks | high |
| 118785 | RHEL 7 : kernel (RHSA-2018:3459) | Nessus | Red Hat Local Security Checks | high |
| 118770 | Oracle Linux 7 : kernel (ELSA-2018-3083) | Nessus | Oracle Linux Local Security Checks | high |
| 118528 | RHEL 7 : kernel-rt (RHSA-2018:3096) | Nessus | Red Hat Local Security Checks | high |
| 118525 | RHEL 7 : kernel (RHSA-2018:3083) | Nessus | Red Hat Local Security Checks | high |
| 118513 | RHEL 7 : kernel-alt (RHSA-2018:2948) (Spectre) | Nessus | Red Hat Local Security Checks | high |
| 118440 | EulerOS Virtualization 2.5.2 : kernel (EulerOS-SA-2018-1352) | Nessus | Huawei Local Security Checks | high |
| 118283 | SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2344-2) (Foreshadow) | Nessus | SuSE Local Security Checks | high |
| 118165 | RHEL 6 : kernel (RHSA-2018:2933) | Nessus | Red Hat Local Security Checks | high |
| 118164 | RHEL 6 : kernel (RHSA-2018:2925) | Nessus | Red Hat Local Security Checks | high |
| 118163 | RHEL 6 : kernel (RHSA-2018:2924) | Nessus | Red Hat Local Security Checks | high |
| 118057 | Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20181009) | Nessus | Scientific Linux Local Security Checks | high |
| 118028 | RHEL 6 : kernel (RHSA-2018:2846) | Nessus | Red Hat Local Security Checks | high |
| 118025 | Oracle Linux 6 : kernel (ELSA-2018-2846) | Nessus | Oracle Linux Local Security Checks | high |
| 118018 | CentOS 6 : kernel (CESA-2018:2846) | Nessus | CentOS Local Security Checks | high |
| 117783 | RHEL 6 : kernel (RHSA-2018:2791) | Nessus | Red Hat Local Security Checks | high |
| 117781 | RHEL 7 : kernel (RHSA-2018:2785) | Nessus | Red Hat Local Security Checks | high |
| 112238 | EulerOS 2.0 SP3 : kernel (EulerOS-SA-2018-1279) | Nessus | Huawei Local Security Checks | high |
| 112237 | EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1278) | Nessus | Huawei Local Security Checks | high |
| 112017 | Ubuntu 14.04 LTS : Linux kernel regressions (USN-3741-3) (Foreshadow) | Nessus | Ubuntu Local Security Checks | high |
| 111997 | openSUSE Security Update : the Linux Kernel (openSUSE-2018-885) (Foreshadow) | Nessus | SuSE Local Security Checks | high |
| 111837 | SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2374-1) (Foreshadow) | Nessus | SuSE Local Security Checks | high |
| 111815 | SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2344-1) (Foreshadow) | Nessus | SuSE Local Security Checks | high |
| 111812 | openSUSE Security Update : the Linux Kernel (openSUSE-2018-886) (Foreshadow) | Nessus | SuSE Local Security Checks | high |
| 111763 | Debian DLA-1466-1 : linux-4.9 security update | Nessus | Debian Local Security Checks | high |
| 111753 | Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3742-1) (Foreshadow) | Nessus | Ubuntu Local Security Checks | high |
| 111752 | Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3741-2) (Foreshadow) | Nessus | Ubuntu Local Security Checks | high |
| 111751 | Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3741-1) (Foreshadow) | Nessus | Ubuntu Local Security Checks | high |
| 111750 | Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3740-2) (Foreshadow) | Nessus | Ubuntu Local Security Checks | high |
| 111749 | Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3740-1) (Foreshadow) | Nessus | Ubuntu Local Security Checks | high |
| 111725 | Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2018-4195) (Foreshadow) | Nessus | Oracle Linux Local Security Checks | high |
| 111707 | Debian DSA-4272-1 : linux - security update | Nessus | Debian Local Security Checks | high |
| 111702 | Amazon Linux AMI : kernel (ALAS-2018-1058) (Foreshadow) | Nessus | Amazon Linux Local Security Checks | high |
| 111701 | Amazon Linux 2 : kernel (ALAS-2018-1058) (Foreshadow) | Nessus | Amazon Linux Local Security Checks | high |