Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2018-5391

UNKNOWN
Published 2018-09-06T21:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2018-5391. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Linux

Kernel

Affected Versions:

3.9

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-p6x5-xg7h-fj5h

Advisory Details

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-5391
WEB https://www.kb.cert.org/vuls/id/641765
WEB https://www.debian.org/security/2018/dsa-4272
WEB https://usn.ubuntu.com/3742-2
WEB https://usn.ubuntu.com/3742-1
WEB https://usn.ubuntu.com/3741-2
WEB https://usn.ubuntu.com/3741-1
WEB https://usn.ubuntu.com/3740-2
WEB https://usn.ubuntu.com/3740-1
WEB https://support.f5.com/csp/article/K74374841?utm_source=f5support&utm_medium=RSS
WEB https://security.netapp.com/advisory/ntap-20181003-0002
WEB https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
WEB https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html
WEB https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=c30f1fc041b74ecdb072dd44f858750414b8b19f
WEB https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf
WEB https://access.redhat.com/errata/RHSA-2018:3590
WEB https://access.redhat.com/errata/RHSA-2018:3586
WEB https://access.redhat.com/errata/RHSA-2018:3540
WEB https://access.redhat.com/errata/RHSA-2018:3459
WEB https://access.redhat.com/errata/RHSA-2018:3096
WEB https://access.redhat.com/errata/RHSA-2018:3083
WEB https://access.redhat.com/errata/RHSA-2018:2948
WEB https://access.redhat.com/errata/RHSA-2018:2933
WEB https://access.redhat.com/errata/RHSA-2018:2925
WEB https://access.redhat.com/errata/RHSA-2018:2924
WEB https://access.redhat.com/errata/RHSA-2018:2846
WEB https://access.redhat.com/errata/RHSA-2018:2791
WEB https://access.redhat.com/errata/RHSA-2018:2785
WEB http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt
WEB http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-linux-en
WEB http://www.openwall.com/lists/oss-security/2019/06/28/2
WEB http://www.openwall.com/lists/oss-security/2019/07/06/3
WEB http://www.openwall.com/lists/oss-security/2019/07/06/4
WEB http://www.securityfocus.com/bid/105108
WEB http://www.securitytracker.com/id/1041476
WEB http://www.securitytracker.com/id/1041637

Advisory provided by GitHub Security Advisory Database. Published: May 14, 2022, Modified: May 14, 2022

References

https://access.redhat.com/errata/RHSA-2018:3540
https://access.redhat.com/errata/RHSA-2018:2785
https://access.redhat.com/errata/RHSA-2018:3083
https://access.redhat.com/errata/RHSA-2018:2925
https://www.kb.cert.org/vuls/id/641765
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt
https://usn.ubuntu.com/3741-2/
http://www.securitytracker.com/id/1041476
https://access.redhat.com/errata/RHSA-2018:3459
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=c30f1fc041b74ecdb072dd44f858750414b8b19f
https://access.redhat.com/errata/RHSA-2018:2933
https://usn.ubuntu.com/3740-2/
https://usn.ubuntu.com/3741-1/
https://access.redhat.com/errata/RHSA-2018:3590
https://access.redhat.com/errata/RHSA-2018:2948
https://usn.ubuntu.com/3742-2/
https://usn.ubuntu.com/3740-1/
http://www.securityfocus.com/bid/105108
https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html
https://usn.ubuntu.com/3742-1/
https://access.redhat.com/errata/RHSA-2018:2924
https://www.debian.org/security/2018/dsa-4272
https://access.redhat.com/errata/RHSA-2018:3586
https://access.redhat.com/errata/RHSA-2018:2846
http://www.securitytracker.com/id/1041637
https://access.redhat.com/errata/RHSA-2018:3096
https://access.redhat.com/errata/RHSA-2018:2791
https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
https://security.netapp.com/advisory/ntap-20181003-0002/
http://www.openwall.com/lists/oss-security/2019/06/28/2
http://www.openwall.com/lists/oss-security/2019/07/06/3
http://www.openwall.com/lists/oss-security/2019/07/06/4
https://support.f5.com/csp/article/K74374841?utm_source=f5support&amp%3Butm_medium=RSS
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-linux-en
https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf
Published: 2018-09-06T21:00:00
Last Modified: 2024-08-05T05:33:44.368Z
Copied to clipboard!