CVE-2018-5391
HighThe Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.
CVSS 3.1 score
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness type
CWE-400CVE-2018-5391 is a Uncontrolled Resource Consumption vulnerability
What is Uncontrolled Resource Consumption?
The product does not properly control the amount of resources it consumes, leading to exhaustion. Learn more on MITRE CWE
References
The following references provide additional information about CVE-2018-5391 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
-
Third Party Advisory
-
Broken Link
-
Mailing List Third Party Advisory
-
Mailing List Third Party Advisory
-
Mailing List Third Party Advisory
-
Securityfocushttp://www.securityfocus.com/bid/105108Third Party Advisory VDB Entry
-
Securitytrackerhttp://www.securitytracker.com/id/1041476Third Party Advisory VDB Entry
-
Securitytrackerhttp://www.securitytracker.com/id/1041637Third Party Advisory VDB Entry
-
Third Party Advisory
-
Third Party Advisory
-
Third Party Advisory
-
Third Party Advisory
-
Third Party Advisory
-
Third Party Advisory
-
Third Party Advisory
-
Third Party Advisory
-
Third Party Advisory
-
Third Party Advisory
-
Third Party Advisory
-
Third Party Advisory
-
Third Party Advisory
-
Third Party Advisory
-
Mailing List Mitigation Third Party Advisory
-
Mailing List Third Party Advisory
-
Third Party Advisory
-
-
Ubuntu Securityhttps://usn.ubuntu.com/3740-1/Third Party Advisory
-
Ubuntu Securityhttps://usn.ubuntu.com/3740-2/Third Party Advisory
-
Ubuntu Securityhttps://usn.ubuntu.com/3741-1/Third Party Advisory
-
Ubuntu Securityhttps://usn.ubuntu.com/3741-2/Third Party Advisory
-
Ubuntu Securityhttps://usn.ubuntu.com/3742-1/Third Party Advisory
-
Ubuntu Securityhttps://usn.ubuntu.com/3742-2/Third Party Advisory
-
Debian Securityhttps://www.debian.org/security/2018/dsa-4272Mitigation Third Party Advisory
-
Third Party Advisory US Government Resource
-
PatchKernel patch commithttps://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=c30f1fc041b74ecdb072dd44f858750414b8b19f
Frequently asked questions
-
What is CVE-2018-5391?
CVE-2018-5391 is a High severity Linux kernel vulnerability with a CVSS score of 7.5 out of 10 , classified as an Uncontrolled Resource Consumption flaw (CWE-400) . CVE-2018-5391 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
What is the CVSS score for CVE-2018-5391?
CVE-2018-5391 has a CVSS score of 7.5 out of 10, rated High severity (CVSS 3.1). The vector string is
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. -
Is there a patch available for CVE-2018-5391?
No patch is currently available for CVE-2018-5391. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
-
Is CVE-2018-5391 actively exploited?
No — CVE-2018-5391 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
-
What is Uncontrolled Resource Consumption (CWE-400)?
The product does not properly control the amount of resources it consumes, leading to exhaustion. View CWE-400 on MITRE CWE →