Published on: 08 August 2018
A vulnerability was found in the Linux kernel of the affected operating systems. The Linux kernel can be forced to handle expensive function calls which would exhaust the resources of the vulnerable system. A remote attacker may send specially crafted packets within ongoing TCP sessions to exploit this vulnerability in the affected systems.
The following is only a sample list of Linux systems that are affected. The list is not exhaustive and it is strongly recommended to consult the product vendors if the used Linux systems are affected.
Red Hat announced that Red Hat Enterprise Linux 5 will not receive patches for this issue due to its life cycle. Users should upgrade to the latest version or arrange migrating to other supported technology.
Successful exploitation could lead to denial of service of a vulnerable system.
The vulnerability is fixed in some of the Linux distributions, such as Debian, Oracle Linux, SUSE and Ubuntu. System administrators should check with their product vendors to confirm if their Linux systems are affected and the availability of patches, and if so, apply the patches or follow the recommendations provided by the product vendors to mitigate the risk.
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e
https://www.spinics.net/lists/netdev/msg514742.html
https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2018/haavoittuvuus-2018-014.html
https://www.hkcert.org/my_url/en/alert/18080702
https://www.kb.cert.org/vuls/id/962459
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5390