Security Alert (A18-08-01): Vulnerability in Linux Kernel
08 August 2018
A vulnerability was found in the Linux kernel of the affected operating systems. The Linux kernel can be forced to make expensive function calls, which would exhaust the resources of the vulnerable system. A remote attacker may send specially crafted packets within ongoing TCP sessions to exploit this vulnerability in the affected systems.
The following is only a sample list of affected Linux systems. The list is not exhaustive, and it is strongly recommended to consult the product vendors to confirm whether the Linux systems in use are affected.
All versions of Red Hat Enterprise Linux 5, 6 and 7
SUSE Linux Enterprise 15 and openSUSE Leap 15.0
Ubuntu 16.04 LTS and 18.04 LTS
Linux operating systems (32-bit and 64-bit) in some distributions based on kernel version 4.9
Red Hat announced that Red Hat Enterprise Linux 5 will not receive patches for this issue due to its life cycle. Users should upgrade to the latest version or arrange migration to other supported technology.
Successful exploitation could lead to denial of service of a vulnerable system.
The vulnerability is fixed in some Linux distributions, such as Debian, Oracle Linux, SUSE and Ubuntu. System administrators should check with their product vendors to confirm whether their Linux systems are affected and whether patches are available, and if so, apply the patches or follow the recommendations provided by the product vendors to mitigate the risk.