Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet, which can lead to a denial of service.

| Vulnerable Product |
|---|
| redhat enterprise linux desktop 7.0 |
| redhat enterprise linux server aus 7.2 |
| redhat enterprise linux workstation 7.0 |
| redhat enterprise linux server tus 7.2 |
| redhat enterprise linux server 7.0 |
| redhat enterprise linux server aus 6.6 |
| redhat enterprise linux server eus 7.2 |
| redhat enterprise linux server aus 6.5 |
| redhat enterprise linux server aus 6.4 |
| redhat enterprise linux server tus 7.3 |
| redhat enterprise linux server aus 7.3 |
| redhat enterprise linux server aus 7.4 |
| redhat enterprise linux server eus 7.3 |
| redhat enterprise linux server eus 7.4 |
| redhat virtualization 4.0 |
| redhat enterprise linux server tus 7.4 |
| redhat enterprise linux server eus 7.5 |
| redhat enterprise linux server eus 6.4 |
| redhat enterprise linux server eus 6.7 |
| redhat enterprise linux server tus 6.6 |
| linux linux kernel |
| linux linux kernel 4.18 |
| canonical ubuntu linux 16.04 |
| canonical ubuntu linux 14.04 |
| canonical ubuntu linux 12.04 |
| canonical ubuntu linux 18.04 |
| debian debian linux 8.0 |
| debian debian linux 9.0 |
| hp aruba clearpass policy manager |
| hp aruba airwave amp |
| f5 big-ip application acceleration manager |
| f5 big-ip advanced firewall manager |
| f5 big-ip analytics |
| f5 big-ip access policy manager |
| f5 big-ip application security manager |
| f5 big-ip link controller |
| f5 big-ip policy enforcement manager |
| f5 big-ip edge gateway |
| f5 big-ip global traffic manager |
| f5 big-ip webaccelerator |
| f5 big-ip local traffic manager |
| f5 big-ip domain name system |
| f5 big-ip fraud protection service |
| f5 big-ip local traffic manager 14.0.0 |
| f5 big-ip application acceleration manager 14.0.0 |
| f5 big-ip advanced firewall manager 14.0.0 |
| f5 big-ip analytics 14.0.0 |
| f5 big-ip access policy manager 14.0.0 |
| f5 big-ip application security manager 14.0.0 |
| f5 big-ip domain name system 14.0.0 |
| f5 big-ip edge gateway 14.0.0 |
| f5 big-ip fraud protection service 14.0.0 |
| f5 big-ip global traffic manager 14.0.0 |
| f5 big-ip link controller 14.0.0 |
| f5 big-ip policy enforcement manager 14.0.0 |
| f5 big-ip webaccelerator 14.0.0 |
| f5 traffix systems signaling delivery controller 4.4.0 |
| f5 traffix systems signaling delivery controller |
| a10networks advanced core operating system 3.2.2 |
| a10networks advanced core operating system 4.1.0 |
| a10networks advanced core operating system 4.1.1 |
| a10networks advanced core operating system 4.1.2 |
| a10networks advanced core operating system 4.1.4 |
| cisco meeting management 1.0.1 |
| cisco meeting management 1.0 |
| cisco expressway series - |
| cisco collaboration meeting rooms 1.0 |
| cisco webex video mesh - |
| cisco webex hybrid data security - |
| cisco network assurance engine 2.1(1a) |
| cisco digital network architecture center 1.2 |
| cisco threat grid-cloud - |
| cisco expressway x8.10 |
| cisco expressway x8.10.1 |
| cisco expressway x8.10.2 |
| cisco expressway x8.10.3 |
| cisco expressway x8.10.4 |
| cisco expressway x8.11 |
| cisco telepresence_video_communication_server_firmware x8.10 |
| cisco telepresence_video_communication_server_firmware x8.10.1 |
| cisco telepresence_video_communication_server_firmware x8.10.2 |
| cisco telepresence_video_communication_server_firmware x8.10.3 |
| cisco telepresence_video_communication_server_firmware x8.10.4 |
| cisco telepresence_video_communication_server_firmware x8.11 |
| cisco telepresence_conductor_firmware xc4.3 |
| cisco telepresence_conductor_firmware xc4.3.1 |
| cisco telepresence_conductor_firmware xc4.3.2 |
| cisco telepresence_conductor_firmware xc4.3.3 |
| cisco telepresence_conductor_firmware xc4.3.4 |

Patches incoming for kernel versions 4.9 and up
A networking flaw has been discovered in the Linux kernel that could trigger a remote denial-of-service attack. Versions 4.9 and up are "vulnerable to denial-of-service conditions with low rates of specially crafted packets", according to a US-CERT advisory this week. The bug is being tracked as SegmentSmack (CVE-2018-5390). SegmentSmack – which sounds a bit like an American wrestler whose speciality is to close bouts just before an ad break – has prompted fixes for a wide variety of network...