CVE-2018-5390
HighLinux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
CVSS 3.1 score
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness type
CWE-400CVE-2018-5390 is a Uncontrolled Resource Consumption vulnerability
What is Uncontrolled Resource Consumption?
The product does not properly control the amount of resources it consumes, leading to exhaustion. Learn more on MITRE CWE
References
The following references provide additional information about CVE-2018-5390 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
-
Third Party Advisory
-
Third Party Advisory
-
Mailing List Third Party Advisory
-
Mailing List Third Party Advisory
-
Mailing List Third Party Advisory
-
Securityfocushttp://www.securityfocus.com/bid/104976Third Party Advisory VDB Entry
-
Securitytrackerhttp://www.securitytracker.com/id/1041424Third Party Advisory VDB Entry
-
Securitytrackerhttp://www.securitytracker.com/id/1041434Third Party Advisory VDB Entry
-
Third Party Advisory
-
Third Party Advisory
-
Third Party Advisory
-
Third Party Advisory
-
Third Party Advisory
-
Third Party Advisory
-
Third Party Advisory
-
Third Party Advisory
-
Third Party Advisory
-
Third Party Advisory
-
Third Party Advisory
-
Third Party Advisory
-
Third Party Advisory
-
Third Party Advisory
-
Third Party Advisory
-
Third Party Advisory
-
Third Party Advisory
-
Third Party Advisory
-
-
Toolshttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcpThird Party Advisory
-
Ubuntu Securityhttps://usn.ubuntu.com/3732-1/Third Party Advisory
-
Ubuntu Securityhttps://usn.ubuntu.com/3732-2/Third Party Advisory
-
Ubuntu Securityhttps://usn.ubuntu.com/3741-1/Third Party Advisory
-
Ubuntu Securityhttps://usn.ubuntu.com/3741-2/Third Party Advisory
-
Ubuntu Securityhttps://usn.ubuntu.com/3742-1/Third Party Advisory
-
Ubuntu Securityhttps://usn.ubuntu.com/3742-2/Third Party Advisory
-
Ubuntu Securityhttps://usn.ubuntu.com/3763-1/Third Party Advisory
-
A10Networkshttps://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmackMitigation Third Party Advisory
-
Debian Securityhttps://www.debian.org/security/2018/dsa-4266Third Party Advisory
-
Third Party Advisory US Government Resource
-
Third Party Advisory
-
Third Party Advisory
-
PatchKernel patch commithttps://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e
-
PatchKernel patch commithttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Frequently asked questions
-
What is CVE-2018-5390?
CVE-2018-5390 is a High severity Linux kernel vulnerability with a CVSS score of 7.5 out of 10 , classified as an Uncontrolled Resource Consumption flaw (CWE-400) . CVE-2018-5390 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
What is the CVSS score for CVE-2018-5390?
CVE-2018-5390 has a CVSS score of 7.5 out of 10, rated High severity (CVSS 3.1). The vector string is
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. -
Is there a patch available for CVE-2018-5390?
No patch is currently available for CVE-2018-5390. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
-
Is CVE-2018-5390 actively exploited?
No — CVE-2018-5390 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
-
What is Uncontrolled Resource Consumption (CWE-400)?
The product does not properly control the amount of resources it consumes, leading to exhaustion. View CWE-400 on MITRE CWE →