CVE-2018-5391

Name: CVE-2018-5391
Description: The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.
NVD Severity: medium

References

Type URI
Third Party Advisory https://www.kb.cert.org/vuls/id/641765
Patch https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=c30f1fc041b74ecdb072dd44f858750414b8b19f
Mitigation https://www.debian.org/security/2018/dsa-4272
Third Party Advisory https://usn.ubuntu.com/3742-2/
Third Party Advisory https://usn.ubuntu.com/3742-1/
Third Party Advisory https://usn.ubuntu.com/3741-2/
Third Party Advisory https://usn.ubuntu.com/3741-1/
Third Party Advisory https://usn.ubuntu.com/3740-2/
Third Party Advisory https://usn.ubuntu.com/3740-1/
Mitigation https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html
Third Party Advisory http://www.securitytracker.com/id/1041476
Third Party Advisory http://www.securityfocus.com/bid/105108
Third Party Advisory http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt
Third Party Advisory http://www.securitytracker.com/id/1041637
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2791
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2785
Third Party Advisory https://security.netapp.com/advisory/ntap-20181003-0002/
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2846
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2933
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2925
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2924
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3096
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3083
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2948
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3459
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3590
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3586
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3540
MLIST https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
MLIST http://www.openwall.com/lists/oss-security/2019/06/28/2
MLIST http://www.openwall.com/lists/oss-security/2019/07/06/3
MLIST http://www.openwall.com/lists/oss-security/2019/07/06/4
CONFIRM https://support.f5.com/csp/article/K74374841?utm_source=f5support&utm_medium=RSS
CONFIRM http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-linux-en
CONFIRM https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= 3.9 <= 4.18

Vulnerable and fixed packages

Source package Branch Version Maintainer Status