⚠ Exploited in the wild

Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2018-5391 — Uncontrolled Resource Consumption in Kernel

CWE-400 — Uncontrolled Resource Consumption CWE-20 — Improper Input Validation17 documents11 sources

Severity

7.5HIGHNVD

EPSS

3.8%

top 11.85%

CISA KEV

Not in KEV

Exploit

Exploited in wild

Active exploitation observed

Affected products

Linux Kernel Linux Kernel F5 Big-ip Access Policy Manager +47 more

Timeline

PublishedSep 6

Latest updateMay 14

Description

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages44 packages

▶CVEListV5linux/kernel3.9 — 3.9*

▶Debianlinux/linux_kernel< 4.17.15-1+3

▶NVDlinux/linux_kernel3.9 — 4.18

▶NVDf5/big-ip_fraud_protection_service11.5.1 — 11.6.5.1+4

▶NVDredhat/enterprise_linux_server6.0, 7.0+1

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, Enterprise Linux 6.4, 6.5, 6.6, 7.2, 7.3, 7.4, 6.7, 7.5

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-p6x5-xg7h-fj5h: The Linux kernel, versions 3↗2022-05-14

▶

CVEList

The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets↗2018-09-06

▶

OSV

CVE-2018-5391: The Linux kernel, versions 3↗2018-09-06

▶

VulnCheck

Linux Kernel Uncontrolled Resource Consumption↗2018

▶

📋Vendor Advisories

Palo Alto

Information about FragmentSmack findings↗2018-09-19

▶

Cisco

Linux Kernel IP Fragment Reassembly Denial of Service Vulnerability Affecting Cisco Products: August 2018↗2018-08-24

▶

Ubuntu

Linux kernel vulnerabilities↗2018-08-14

▶

Ubuntu

Linux kernel vulnerabilities↗2018-08-14

▶

Ubuntu

Linux kernel (Xenial HWE) vulnerabilities↗2018-08-14

▶

💬Community

Bugzilla

CVE-2018-14641 CVE-2018-5391 kernel: various flaws [fedora-all]↗2018-08-14

▶

Bugzilla

CVE-2018-5391 kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack)↗2018-07-30

▶

External resources

NVD MITRE

Affected products50

Canonical Ubuntu Linuxv12.04v14.04v16.04+1 more

Debian Linuxv8.0v9.0

F5 Big-ip Access Policy Manager≥ 11.5.1, < 11.6.5.1≥ 12.1.0, < 12.1.5≥ 13.0.0, < 13.1.3+2 more

F5 Big-ip Advanced Firewall Manager≥ 11.5.1, < 11.6.5.1≥ 12.1.0, < 12.1.5≥ 13.0.0, < 13.1.3+2 more

F5 Big-ip Analytics≥ 11.5.1, < 11.6.5.1≥ 12.1.0, < 12.1.5≥ 13.0.0, < 13.1.3+2 more

F5 Big-ip Application Acceleration Manager≥ 11.5.1, < 11.6.5.1≥ 12.1.0, < 12.1.5≥ 13.0.0, < 13.1.3+2 more

F5 Big-ip Application Security Manager≥ 11.5.1, < 11.6.5.1≥ 12.1.0, < 12.1.5≥ 13.0.0, < 13.1.3+2 more

F5 Big-ip Domain Name System≥ 11.5.1, < 11.6.5.1≥ 12.1.0, < 12.1.5≥ 13.0.0, < 13.1.3+2 more

F5 Big-ip Edge Gateway≥ 11.5.1, < 11.6.5.1≥ 12.1.0, < 12.1.5≥ 13.0.0, < 13.1.3+2 more

F5 Big-ip Fraud Protection Service≥ 11.5.1, < 11.6.5.1≥ 12.1.0, < 12.1.5≥ 13.0.0, < 13.1.3+2 more

Disclosure

PublishedSep 6, 2018

Latest updateMay 14, 2022