Linux kernel DoS vulnerability

A Linux kernel TCP implementation is vulnerable to Denial of Service (DoS) condition with low rates of specially modified packets.

Linux versions 4.9 and greater are impacted by the DoS vulnerability (CVE-2018-5390). An attacker could trigger the DoS condition against a system with an open and available port. 

An excerpt of the threat published in the recent National Cybersecurity and Communications Integration Center (NCCIC) security advisory

“Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. An attacker can induce a denial of service condition by sending specially modified packets within ongoing TCP sessions. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port. Thus, the attacks cannot be performed using spoofed IP addresses.”

See more details on impacted vendors here that is widespread.  

Leave a Comment

Your email address will not be published. Required fields are marked *